At first glance, the drop of the internal SSL implementation in favor of the system-wide OpenSSL library seems like a big change.
Can you also check if you have apparmor errors in the dmesg output? The 5.7.28 package seems to have accounted for that, with new rules for openssl, but maybe some were missed, or maybe the new profile wasn't applied. For example, this was added to the apparmor profile:

+# Allow read access to OpenSSL config
+ /etc/ssl/openssl.cnf r,

--
https://bugs.launchpad.net/bugs/1853636
Title: Client SSL connection errors in 5.7.28
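One way to run the two checks requested above (denials in the kernel log, and whether the installed profile carries the new rule), as an added example that is not part of the original message. The log lines are constructed, and the function names and the `/usr/sbin/mysqld` profile name are assumptions to adjust for the system at hand.

```shell
#!/bin/sh
# Constructed kernel log lines in the AppArmor audit format (not from the bug report).
sample_log() {
cat <<'EOF'
[  812.101] audit: type=1400 audit(1574700000.101:41): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=2210 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
[  812.377] audit: type=1400 audit(1574700000.377:42): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=2210 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
[  815.002] audit: type=1400 audit(1574700003.002:43): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/example" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  820.500] audit: type=1400 audit(1574700008.500:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/mysqld" pid=2300 comm="apparmor_parser"
EOF
}

# Read kernel log lines on stdin and print "count denied_mask path" for each
# distinct denial recorded against one profile (assumed default: /usr/sbin/mysqld).
mysqld_denials() {
    profile="${1:-/usr/sbin/mysqld}"
    grep 'apparmor="DENIED"' | grep -F "profile=\"$profile\"" |
    sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\2 \1/p' |
    sort | uniq -c | sed 's/^ *//'
}

# Return 0 if the profile file given as $1 contains the read rule for
# /etc/ssl/openssl.cnf quoted in the message above.
profile_allows_openssl_cnf() {
    grep -Eq '^[[:space:]]*/etc/ssl/openssl\.cnf[[:space:]]+r,' "$1"
}

# Demonstration on the constructed sample; on a live host use: dmesg | mysqld_denials
sample_log | mysqld_denials
```

A denial that still shows up while `profile_allows_openssl_cnf` succeeds on the profile file points at the second possibility raised in the message: the new profile is on disk but was not reloaded.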