I have a remote MySQL Server that requires me to use SSL for connections. I can connect to it using my terminal. But when I try to connect to it using PHP, I get the following error:
SSL3_GET_RECORD:wrong version number
It seems like the OPENSSL Handshake fails and the reason could be that my PHP is trying to connect to it using SSL3. The MySQL Server supports only TLSv1.2. Is there a way to force PHP to connect using TLSv1.2 ?
Here is my code used to connect:
<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);
$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set(NULL, NULL, '/path/to/ca-cert.pem' , NULL, NULL);
$link = mysqli_real_connect ($db, 'hostname', 'user', 'password', 'dbname', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
}
?>
Things I have tried and possible problems:
- Seems like openssl version mismatch. I can connect using my terminal and not PHP, so I checked my openssl version in the terminal with the one I get using phpinfo(), they were the same
- PHP is possibly using SSL3 to connect, and the server only supports TLSv1.2, I wasn't able to find a way to force PHP connections to MySQL using TLSv1.2
- I tried to observe the handshake using tcpdump/Wireshark, but I don't think the process even starts since there is a version mismatch.
- I confirmed using "openssl s_client -debug" that the server doesn't support SSL3 which makes me think this is an issue on my computer, but not sure.
- The reason I say my client might be using SSL3 is because of SSL3_GET_RECORD, I don't know for sure if I'm right in that too.
So, in short, Help!
Environment:
PHP 7.0.18
MySQL Server Enterprise version 5.7.18
OpenSSL 1.0.2g
OS: Windows 7, Ubuntu 16.04. Tried on both
