MySQL Error 3232: ER_DEPRECATED_TLS_VERSION Fix and Prevention

Galaxy Team
August 8, 2025

The server accepted a client connection that negotiated a deprecated TLS protocol version, logging ER_DEPRECATED_TLS_VERSION_SESSION as a warning.

What is MySQL error 3232 ER_DEPRECATED_TLS_VERSION_SESSION?

ER_DEPRECATED_TLS_VERSION_SESSION means your MySQL server allowed a handshake using outdated TLSv1.0 or TLSv1.1. Upgrade client libraries and set tls_version to TLSv1.2 or higher on the server to clear the warning.

Error Highlights

Typical Error Message: ER_DEPRECATED_TLS_VERSION_SESSION

Error Type: Connection Warning

Language: MySQL

Symbol: account `%s`@`%s` from host `%s`. Client supplied username `%s`

ER_DEPRECATED_TLS_VERSION_SESSION was added in 5.7.35.

Error Code: 3232

SQL State: HY000

Explanation

What is ER_DEPRECATED_TLS_VERSION_SESSION?

ER_DEPRECATED_TLS_VERSION_SESSION is a MySQL warning raised when the server accepts a client connection that negotiates a deprecated TLS protocol version (TLSv1.0 or TLSv1.1) that the server's tls_version setting still permits.

The message appears in the error log and INFORMATION_SCHEMA.SESSION_STATUS table beginning with MySQL 5.7.35. It does not abort the connection but flags a potential security risk that should be resolved promptly.

What Causes This Error?

The warning is triggered when a client library, driver, or proxy only supports TLSv1.0 or TLSv1.1 while the server expects TLSv1.2 or higher. Out-of-date operating systems, JDBC drivers, or load balancers often force legacy protocols that MySQL now marks as deprecated.

Server configuration parameters such as tls_version or require_secure_transport can also surface the warning when they still allow deprecated versions for backward compatibility.

How to Fix ER_DEPRECATED_TLS_VERSION_SESSION

The safest fix is to upgrade every client and driver to support TLSv1.2 or TLSv1.3 and disable older protocols on both client and server.

After upgrades, set tls_version in my.cnf to enforce modern protocols and restart MySQL. Then change user accounts to REQUIRE SSL or REQUIRE X509 to guarantee encrypted connections.

Common Scenarios and Solutions

Legacy application servers running Java 7 often negotiate TLSv1.0. Upgrading to Java 8uSSL or adding -Djdk.tls.client.protocols=TLSv1.2 eliminates the warning.

Older MySQL client binaries on Linux distributions use OpenSSL libraries compiled without TLSv1.2. Replace the client package or recompile against a current OpenSSL release.

Best Practices to Avoid This Error

Standardize on a single TLS policy across infrastructure, monitor the error log for ER_DEPRECATED_TLS_VERSION_SESSION entries, and automate client library updates.
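An added example (not Galaxy's or MySQL's code) of the error-log monitoring recommended above: it groups ER_DEPRECATED_TLS_VERSION_SESSION entries by account, client host and protocol, so you can see which clients still need upgrading before TLSv1.0 and TLSv1.1 are removed from tls_version. The log lines are constructed, `[MY-NNNNNN]` is a placeholder code, and the leading "deprecated protocol '<version>' for" wording is an assumption; only the account/host/username tail is quoted on this page.

```python
import re
from collections import defaultdict

# The account/host/username tail is the message text quoted on this page;
# the leading "deprecated protocol '<version>' for" part is an assumption.
WARNING_RE = re.compile(
    r"^(?P<ts>\S+) .*deprecated protocol '(?P<proto>[^']+)' for "
    r"account `(?P<user>[^`]*)`@`(?P<acct_host>[^`]*)` "
    r"from host `(?P<client>[^`]*)`\. "
    r"Client supplied username `(?P<supplied>[^`]*)`"
)

# Constructed sample error-log lines; [MY-NNNNNN] is a placeholder code.
SAMPLE_LOG = """\
2025-08-01T10:00:01.120000Z 41 [Warning] [MY-NNNNNN] [Server] Accepted a connection with deprecated protocol 'TLSv1' for account `report`@`%` from host `10.0.4.17`. Client supplied username `report`
2025-08-01T10:05:44.002000Z 57 [Warning] [MY-NNNNNN] [Server] Accepted a connection with deprecated protocol 'TLSv1.1' for account `etl`@`10.0.%` from host `10.0.9.3`. Client supplied username `etl`
2025-08-01T10:06:10.500000Z 58 [System] [MY-NNNNNN] [Server] /usr/sbin/mysqld: ready for connections.
2025-08-02T08:30:12.770000Z 93 [Warning] [MY-NNNNNN] [Server] Accepted a connection with deprecated protocol 'TLSv1' for account `report`@`%` from host `10.0.4.17`. Client supplied username `report`
"""


def deprecated_tls_clients(lines):
    """Group deprecated-TLS warnings by (account, client host, protocol)."""
    found = defaultdict(lambda: {"count": 0, "last_seen": ""})
    for line in lines:
        m = WARNING_RE.search(line)
        if not m:
            continue  # unrelated log entry
        key = (f"{m['user']}@{m['acct_host']}", m["client"], m["proto"])
        found[key]["count"] += 1
        # ISO 8601 UTC timestamps sort correctly as strings.
        found[key]["last_seen"] = max(found[key]["last_seen"], m["ts"])
    return dict(found)


def report(lines):
    """Return one summary line per offending client, busiest first."""
    rows = sorted(deprecated_tls_clients(lines).items(),
                  key=lambda kv: -kv[1]["count"])
    return [f"{acct} from {host}: {proto} x{v['count']}, last {v['last_seen']}"
            for (acct, host, proto), v in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```
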

In Galaxy, session warnings surface immediately in the results panel, allowing engineers to catch and fix outdated clients before deploying code.

Related Errors and Solutions

ER_UNSUPPORTED_TLS_VERSION means the server rejected the handshake entirely because tls_version does not allow the client's protocol; fix it by matching the protocol lists on client and server. WARN_DEPRECATED_TLS_VERSION indicates the same issue at server startup when ssl_fips_mode is enabled.

ER_SECURE_TRANSPORT_REQUIRED occurs when an account has REQUIRE SSL but the client connects in plain text. Enabling SSL on the connector resolves it.

Common Causes

Outdated Client Driver

Clients compiled against OpenSSL or wolfSSL versions predating TLSv1.2 force the server to fall back to deprecated protocols, triggering the warning.

Old JDBC or ODBC Connector

Connectors earlier than MySQL Connector/J 5.1.46 default to TLSv1.0. Updating the connector removes the warning.

Legacy Operating System

Older Linux distributions and Windows Server 2008 lack modern cipher suites and negotiate TLSv1.0 by default.

Proxy or Load Balancer Downgrade

Edge proxies that terminate SSL may re-establish a downgraded TLS session with MySQL, causing the server to log the warning.

Related Errors

ER_UNSUPPORTED_TLS_VERSION

The server refuses the connection because the client proposes a TLS version not allowed by tls_version. Update the client or the server settings.

WARN_DEPRECATED_TLS_VERSION

A server startup warning that the configured tls_version includes deprecated protocols. Remove the old versions from the configuration.

ER_SECURE_TRANSPORT_REQUIRED

The connection is rejected because the account requires SSL and the client did not use it.

FAQs

Does ER_DEPRECATED_TLS_VERSION_SESSION break my application?

No, the session continues, but you should upgrade clients quickly to avoid future failures when deprecated protocols are removed.

Which MySQL versions emit this warning?

MySQL 5.7.35 and 8.0.26 introduced the ER_DEPRECATED_TLS_VERSION_SESSION warning for sessions that negotiate TLSv1.0 or 1.1.

Can I silence the warning?

You can remove TLSv1.0 and TLSv1.1 from tls_version. The server will then reject such connections instead of logging a warning.

How does Galaxy help?

Galaxy surfaces session warnings in the editor output and highlights them, enabling engineers to detect outdated connections during development.
