Error when loading/dumping database schema "ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it". No option for "--skip-ssl" for mariadb

[omergy]

Laravel Version

11

PHP Version

8.3

Database Driver & Version

Mariadb

Description

mariadb-client versions 11+ sets the --ssl option to true per default.
This causes the following error whenever you load or dump a schema:

ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it

This can be avoided by using the --skip-ssl command, but Laravel has no option to enter/configure it.

Steps To Reproduce

Example with dumping:

• install mariadb-client 11 or higher
• php artisan schema:dump
• error

Example with loading:

• install mariadb-client 11 or higher
• add a dump to database/schema
• in tests/TestCase.php add use RefreshDatabase trait

namespace Tests;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Foundation\Testing\TestCase as BaseTestCase;

abstract class TestCase extends BaseTestCase
{
  use RefreshDatabase;
}

• php artisan test
• error

[github-actions]

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

[Raitch]

It's relevant to this file vendor/laravel/framework/src/Illuminate/Database/Schema/MySqlSchemaState.php however everything there is currently based on database.php config settings. Would be nice if there was a passable argument that appended --skip-ssl to the string. As a temporary solution, one can just add $value .= ' --skip-ssl'; at the end of the connectionString method.

[Raitch]

Another solution is to add a my.cnf file to /etc/my.cnf containing:

[mysql]
skip-ssl

Personally I needed to solve this issue locally so I had my docker-composer.yml solve it with voluming the file there.

https://mariadb.com/kb/en/configuring-mariadb-with-option-files/

[monkeyphysics]

@Raitch thanks, this helped me fix it.

For other visitors, please note that you need to add the custom MySQL/MariaDB-config file to the client service, which in my case was php (and not mysql) because the artisan command is running there:

php:
    ...
    volumes:
      - ./docker/mysql.cnf:/etc/my.cnf.d/custom.cnf
    ...

[wadakatu]

In my case, I’m using mysqldump from mariadb-client v11.4.4:

mysqldump from 11.4.4-MariaDB, client 10.19 for Linux (aarch64)

To address the SSL issue, I added the disable-ssl-verify-server-cert parameter to the my.cnf file:

[client-mariadb]
disable-ssl-verify-server-cert

Reference

You can find more details here:

Securing Connections for Client and Server

Warning

Please note that this setting disables server certificate verification, which increases the risk of a man-in-the-middle attack. This means your connection could be intercepted or tampered with, even if it is encrypted. Be cautious and fully understand the risks before using this option.