You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/01/22 11:26:56 UTC

[GitHub] [airflow] ruben-ortiz-buybay commented on pull request #20912: Switch to new MySQL public key

ruben-ortiz-buybay commented on pull request #20912:
URL: https://github.com/apache/airflow/pull/20912#issuecomment-1019197277


   One of the side effects of this change, for the previous images, is that some packages versions for MySQL change, from 8.0.27-1debian10 to 8.0.28-1debian10 (mysql-client and libmysqlclient21) In my case, this change on versions ends in an error, connecting to AWS RDS Mysql:
   
   MySQLdb._exceptions.OperationalError: (2026, 'SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
   
   Checking the changelog for version 8.0.28 ( https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-28.html ) includes an important change that can affect legacy systems:
   
   > Support for the TLSv1 and TLSv1.1 connection protocols is removed as of MySQL 8.0.28. The protocols were deprecated from MySQL 8.0.26. For background, refer to the IETF memo Deprecating TLSv1.0 and TLSv1.1. Make connections using the more-secure TLSv1.2 and TLSv1.3 protocols. TLSv1.3 requires that both the MySQL Server software and the client application were compiled with OpenSSL 1.1.1 or higher. 
   
   A workaround the issue is using docker images by SHA and not by version (and adding the new key if package updates are needed)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org