"TLS/SSL error: SSL is required, but the server does not support it" on mariadb 10.6 #8119
Description
Preliminary checklist
- I am using the latest stable version of DDEV (see upgrade guide)
- I have searched existing issues
- I have checked the troubleshooting guide
- I have run
ddev utility testor at leastddev utility diagnoseto include output below
Output of ddev utility test or ddev utility diagnose
It looks like the web container includes a recent version of the mariadb client, these seem to default to requiring ssl connection to the server. For various drush commands that directly run the client such as sql-cli, this fails.
Expand `ddev utility test` diagnostic information
DDEV Diagnostic Report
======================
Environment
===========
ℹ DDEV version: v1.25.0
ℹ OS: Linux x86_64
ℹ Distro: Ubuntu 24.04.3 LTS
ℹ Shell: /bin/bash
ℹ Docker provider: linux-docker
ℹ Docker version: 28.1.1
Docker Environment
==================
✓ Docker is running
⚠ Docker disk usage is 93%
→ Run: docker system prune to free up space
→ Or: ddev clean --all
✓ Can run containers with volume mounts
✓ Internet access from containers
✓ Docker buildx working
✓ Docker authentication configured
Network Connectivity
====================
✓ Internet accessible from host
✓ DNS resolves *.ddev.site
HTTPS/mkcert
============
✓ mkcert is installed: v1.4.6
✓ mkcert CA certificates exist
Current Project
===============
ℹ Name: primer
ℹ Type: drupal10
ℹ Status: stopped
⚠ Found 2 customized configuration file(s):
ℹ - .ddev/docker-compose.chromephpunit.yaml
ℹ - .ddev/docker-compose.chrome.yaml
→ Customizations can cause issues. Try temporarily removing them for testing.
ℹ Installed add-ons (1):
ℹ - redis
ℹ Project is stopped (run 'ddev start' to start it)
Summary
=======
⚠ 2 warning(s) found. DDEV should work but check warnings above.
Expected Behavior
A working connection to the database
Actual Behavior
ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
Steps To Reproduce
$ ddev drush sql-cli
ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
Anything else?
The workaround is using --skip-ssl, but it's a bit tedious to provide that for every command:
$ ddev drush sql-cli --extra="--skip-ssl"
not all commands provide this option, for example this causes drush si to fail with an existing database error because the sql-drop fails.