Unable to connect over SSL when upgrading OTP from 19.3 to 20+ (with workaround)

[mdwaud]

Problem

I'm connecting to a Amazon MySQL RDS instance. My config is:

config :my_app MyApp.Repo,
  # username, password, etc
  ssl: true,
  ssl_opts: [
    cacertfile: "config/amazon-rds-ca-cert.pem"
  ]

This works with OTP 19.3, however upgrading to 20+ gives me:
Mariaex.Protocol (#PID<0.1066.0>) failed to connect: ** (Mariaex.Error) failed to upgraded socket: :closed

Workaround

Explicitly set the protocol to TLS version 1.1 using the versions option:

ssl_opts: [
  cacertfile: "config/amazon-rds-ca-cert.pem",
  versions: [:'tlsv1.1']
]

Not sure the right way to handle this long term. I can make a PR and put the above instructions in the README if you'd like. I wanted to be sure to document it somewhere to save anyone else the time I spent chasing it down.

[jessiahr]

I ran into this issue as well, workaround solved my problem for now.

[klynton]

In case anyone else comes across this: I ran into this issue and tried using versions: [:'tlsv1.2'] but it didn't work. Using 1.1 only does work.