Score:2

'--ssl=off' Error in MySQL 8.0.26 service startup


I'm seeing an odd error in the mysqld.service status notes...

The syntax '--ssl=off' is deprecated and will be removed in a future release. Please use --tls-version=invalid instead.

The thing is I've disabled SSL using skip_ssl in the /etc/my.cnf and I don't see any vars relating to SSL defined in /etc/my.cnf.d/*. I've also checked in /etc/systemd/system/mysqld.service.d/override.conf and the only thing I've set is LimitNOFILE.

The --ssl=off setting is a command line start up variable, so where could this error be coming from? Is there a new way to disable SSL other than skip_ssl?

I'm on Rocky Linux 8, and MySQL 8.0.26.


The pertinent documentation, including the deprecation note, can be found here: https://dev.mysql.com/doc/refman/8.0/en/server-options.html

Score:2

I found in the docs finally that the skip_ssl is actually the same variable in cnf format that --ssl is in command line, so it was the error message ambiguity that led to my confusion.

The fix for this is to replace skip_ssl with tls_version='' as the former is now deprecated as of MySQL 8.0.26.

This has led to a number of new SSL-related errors in the status, so I'll post any notes I can after I solve them. Hopefully this helps alleviate any confusion and saves you some time.


With regard to the new errors when using tls_version=''...

[Warning] ... [Server] Failed to initialize TLS for channel: mysql_main. See below for the description of exact issue.
[Warning] ... [Server] Failed to set up SSL because of the following SSL library error: TLS version is invalid
[Warning] ... [Server] Plugin mysqlx reported: 'Failed at SSL configuration: "SSL context is not usable without certificate and private key"'

There is an open bug report at Oracle outlining this behaviour, which I've added my voice to.

According to your original error message, your solution `--tls-version=''` should be replaced by `--tls-version=invalid`. Perhaps that will avoid running into another deprecated parameter message in the future.

@Ned64 thanks for the suggestion, but that's the command line option, the documentation indicates `tls_version=''` be used in the `my.cnf` format. https://dev.mysql.com/doc/refman/8.0/en/server-options.html

OK, thanks, I didn't know. Perhaps link the documentation in your Answer.

It doesn't matter if you're using underscores or dashes, and it also doesn't make a difference if the value is empty or "invalid". It always results in the server not starting with a log message of "Option --tls-version or --admin-tls-version is set to an invalid value", so I would stay with `skip-ssl` for the time being. I guess it's a bug or some MySQL developer is a real idiot. They also consider "default_authentication_plugin" deprecated, yet it's still the only way to set a default, if the first method in "authentication_policy" is "*" while deprecated things should in fact be dispensable.
Score:1

The function of the option --tls-version='' has now been fixed in MySQL 8.0.31:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html

The alternative for the deprecated --ssl=off server option to disable the use of encrypted connections was not working as documented, or as presented in the deprecation warning. Setting the tls_version system variable to the empty value (tls_version='') now works correctly for this purpose. (Bug #106459, Bug #33858646)
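As an added example (not code from the thread or from MySQL), the following Python sketch audits option-file text for settings in the `[mysqld]` section that turn off encrypted connections, and labels each one using the 8.0.26 deprecation and the 8.0.31 fix described above. The sample file is constructed, the function names are hypothetical, and treating `ssl=0`/`off`/`false` the same as `skip_ssl` is an assumption.

```python
import re

# Constructed sample option file for illustration; not from the thread.
SAMPLE_CNF = """\
[mysqld]
datadir = /var/lib/mysql
skip-ssl
[client]
ssl = 0
"""

DEPRECATED_FROM = (8, 0, 26)  # skip_ssl / --ssl=off deprecation, per the question
FIXED_IN = (8, 0, 31)         # tls_version='' works from here, per the release note
OFF_VALUES = {"0", "off", "false"}  # assumed spellings of a disabled boolean

def find_tls_disabling(cnf_text, section="mysqld"):
    """Return (line number, canonical setting) for each TLS-disabling line in [section]."""
    hits, current = [], None
    for lineno, raw in enumerate(cnf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            continue
        if current != section:
            continue
        name, sep, value = line.partition("=")
        name = name.strip().lower().replace("-", "_")  # dashes and underscores are equivalent
        value = value.strip().strip("'\"").lower()
        if name == "skip_ssl" or (name == "ssl" and value in OFF_VALUES):
            hits.append((lineno, "skip_ssl"))
        elif name == "tls_version" and sep and value == "":
            hits.append((lineno, "tls_version=''"))
    return hits

def assess(cnf_text, server_version):
    """Label each TLS-disabling [mysqld] setting for the given server version."""
    version = tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", server_version).groups())
    report = []
    for lineno, setting in find_tls_disabling(cnf_text):
        if setting == "skip_ssl":
            status = "deprecated" if version >= DEPRECATED_FROM else "accepted"
        else:
            status = "works" if version >= FIXED_IN else "not working before 8.0.31"
        report.append((lineno, setting, status))
    return report

print(assess(SAMPLE_CNF, "8.0.26"))
```

Any hit means the server is configured to accept only unencrypted connections, so the report is also a quick way to find hosts where that choice should be reviewed.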
