AWS RDS Aurora MySQL auth error when using caching_sha2_password

[mkl262]

Before creating a ticket, please consider if this should fit the discussion forum better.

Environment

• ejabberd version: 24.12
• Erlang version: Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 14.2.1
• OS: Alpine Linux v3.19
• Installed from: official docker image

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

loglevel: 4
sql_type: mysql
sql_server: "ejabberd.cluster-123456.eu-west-1.rds.amazonaws.com"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: 'password'
sql_port: 3306
sql_pool_size: 20
sql_keepalive_interval: 1
sql_start_interval: 5
sql_ssl: true
sql_ssl_verify: false
sql_ssl_cafile: "/tmp/ssl/mysql/eu-west-1-bundle.pem"
new_sql_schema: false
update_sql_schema: false
default_db: sql
...

Errors from error.log/crash.log

2026-02-15 19:49:23.203 [error] p1_mysql_conn: init error 1251: ~c"#08004Client does not support authentication protocol requested by server; consider upgrading MySQL client"

2026-02-15 19:49:23.203 [error] p1_mysql_conn: init error 1251: ~c"#08004Client does not support authentication protocol requested by server; consider upgrading MySQL client"

2026-02-15 19:49:23.203 [warning] :mysql connection failed:
** Reason: :normal
** Retry after: 5 seconds
2026-02-15 19:49:23.203 [warning] :mysql connection failed:
** Reason: :normal
** Retry after: 5 seconds
2026-02-15 19:49:23.203 [error] Keep alive query failed, closing connection: {:error, "SQL connection failed"}
2026-02-15 19:49:23.204 [error] Keep alive query failed, closing connection: {:error, "SQL connection failed"}
2026-02-15 19:49:23.204 [warning] Unexpected call :force_timeout from #PID<0.34206.0> in 'connecting'
2026-02-15 19:49:23.204 [warning] Unexpected call :force_timeout from #PID<0.34202.0> in 'connecting'

Bug description

EjabberD does not connect to AWS RDS Aurora MySQL server (version 3.11.0, mysql 8.0.43) when user is configured to use caching_sha2_password authentication
Issue does not reproduce on regular mysql:8.0.43 docker image.

[prefiks]

Was a bit tricky to track what caused it, but it should be fixed by processone/p1_mysql@b0447a7.

It is also possible to reproduce on regular mysql server, as long as it's configured to have default auth set to 'mysql_native_password', but real user user password stored in different format.

[mkl262]

Thanks!
Which version is expected to have this fix?

[prefiks]

I believe master from this: https://github.com/processone/ejabberd/pkgs/container/ejabberd should have this change