MySQL客户端和服务器无法通信,因为它们不具有通用算法 [英] MySQL The client and server cannot communicate, because they do not possess a common algorithm
问题描述
我正在AWS服务器上运行以下代码,试图连接到AWS提供的mysql服务:
I'm running the following code on a AWS server, trying to connect to a mysql service provided by AWS:
String conn = buildConnString(dc);
MySqlConnection connection = new MySqlConnection(conn);
connection.Open();
我收到以下异常消息和堆栈跟踪:
I'm getting the following exception message and stack trace:
Exception: The client and server cannot communicate, because they do not possess a common algorithm
StackTrace: at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MySql.Data.MySqlClient.NativeDriver.StartSSL()
at MySql.Data.MySqlClient.NativeDriver.Open()
at MySql.Data.MySqlClient.Driver.Open()
at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
at MySql.Data.MySqlClient.MySqlPool..ctor(MySqlConnectionStringBuilder settings)
at MySql.Data.MySqlClient.MySqlPoolManager.GetPool(MySqlConnectionStringBuilder settings)
at MySql.Data.MySqlClient.MySqlConnection.Open()
我正在运行.Net 4.6.2,并且在服务器Windows Server 2008 R2 Datacenter上启用了TLS 1.2,该如何解决这个问题?
I'm running .Net 4.6.2 and TLS 1.2 is enabled on the server: OS Windows Server 2008 R2 Datacenter, what can I try to overcome this issue?
我终于通过在连接字符串中添加SslMode=None来解决了这个问题
I finally solved the issue by adding SslMode=None in the connection string
推荐答案
来自
与新数据库实例的连接失败的两个常见原因是:
Two common causes of connection failures to a new DB instance are: 数据库实例是使用不具有安全性的组创建的
授权来自设备或Amazon EC2实例的连接,其中
MySQL应用程序或实用程序正在运行.如果数据库实例是
在VPC中创建,它必须具有授权的VPC安全组
连接.如果数据库实例是在VPC外部创建的,则它将
必须具有授权连接的数据库安全组. The DB instance was created using a security group that does not
authorize connections from the device or Amazon EC2 instance where the
MySQL application or utility is running. If the DB instance was
created in a VPC, it must have a VPC security group that authorizes
the connections. If the DB instance was created outside of a VPC, it
must have a DB security group that authorizes the connections. 数据库
实例是使用默认端口3306创建的,并且您的公司
有防火墙规则阻止从中的设备到该端口的连接
您的公司网络.要解决此故障,请使用以下命令重新创建实例
一个不同的端口. The DB
instance was created using the default port of 3306, and your company
has firewall rules blocking connections to that port from devices in
your company network. To fix this failure, recreate the instance with
a different port. 您可以在与
Amazon RDS MySQL数据库实例.有关信息,请参阅将SSL与MySQL DB结合使用实例. You can use SSL encryption on connections to an
Amazon RDS MySQL DB instance. For information, see Using SSL with a MySQL DB Instance. 虽然在继续操作之前,我将确认选项1和2不是这种情况,但是一旦您删除了显而易见的选项,请直接访问MySQL服务器并输入以下命令来检查您的权限: While I would confirm that option 1 and 2 are not the case before proceeding, once you've discounted the obvious, check you permissions by accessing the MySQL server directly, and typing: 如果出现与SSL相关的内容,则说明发生了以下两种情况之一: If something relating to SSL shows up, then one of two things are happening: 您未在代码中正确包含SSL证书 You are not properly including an SSL certificate in your code 您未在代码中包含SSL证书的正确部分. You are not including the correct part of the SSL certificate in your code. 关注本教程并确保您运行正确的SSL证书.您应该能够重建证书并成功运行. Follow this tutorial and ensure you are running the right SSL certificate. You should be able to rebuild your certificate and run successfully. 在上面的链接中,如果您使用SSL加密,则您的最终代码应如下所示: From the link above, if you have SSL encryption, your end code should look something like this: 如果未显示任何内容,或者您收到注释 If nothing shows up or you receive the error explained in the comments 在MySQL shell上: On the MySQL shell: 如果在主机中看到通配符,则表示用户可以从任何地方登录.虽然非常不安全,但这可能正是您要寻找的.然后,您可以返回并使用 If you see a wildcard in the host, it means that a user can log in from anywhere. While horribly insecure, this may be what you're looking for. You can then go back and use 请注意,您可能会看到以下内容: Please note that you may see something like this: 如果您的域是 If your domain is
您将完全无法连接到MySQL实例.您将需要创建一个与您的主机匹配的用户.
You will be unable to connect to your MySQL instance at all. You will need to create a user that matches your host. 如果您想要SSL: 这篇关于MySQL客户端和服务器无法通信,因为它们不具有通用算法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
SHOW GRANTS FOR 'myuser'@'localhost'
using (MySqlConnection connection = new MySqlConnection(
"database=test;user=sslclient;" +
"CertificateFile=H:\\bzr\\mysql-trunk\\mysql-test\\std_data\\client.pfx" +
"CertificatePassword=pass;" +
"SSL Mode=Required "))
{
connection.Open();
}
\path\to\client.pfx是.pfx文件的路径.Error Code: 1141 There is no such grant defined for user '***' on host '***.***.***'中所述的错误,则可以另一种方式检查用户权限.Error Code: 1141 There is no such grant defined for user '***' on host '***.***.***', you can check your user permissions another way.select * from mysql.user where User='<myuser>';
SHOW GRANTS完全镜像您的返回查询中显示的主机名.SHOW GRANTS mirroring the host name exactly as it shows up in your return query.Host
-----
%.myhostname.tld
subdomain.myhostname.tld,则此通配符匹配,您将使用:subdomain.myhostname.tld then this wildcard matches, and you would use:SHOW GRANTS FOR 'myuser'@'%.myhostname.tld';
如果您没有具有任何匹配权限的用户
If you don't have a user with any matching permissions
CREATE USER 'myuser'@'myhost' IDENTIFIED BY '<password>';
GRANT ALL ON <database>.* TO 'myuser'@'myhost';
GRANT ALL ON <database>.* TO 'myuser'@'myhost' REQUIRE SSL;
