From cbbfc5ea8fe4482484868807625d59e8a547f3fd Mon Sep 17 00:00:00 2001
From: Rostislav Dugin <rostislav.dugin@outlook.com>
Date: Wed, 14 Jan 2026 18:11:49 +0300
Subject: [PATCH] FIX (mysql): Enable allowCleartextPasswords over SSL

---
 backend/internal/features/databases/databases/mysql/model.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/backend/internal/features/databases/databases/mysql/model.go b/backend/internal/features/databases/databases/mysql/model.go
index 7594531..d76e0b0 100644
--- a/backend/internal/features/databases/databases/mysql/model.go
+++ b/backend/internal/features/databases/databases/mysql/model.go
@@ -400,6 +400,7 @@ func HasPrivilege(privileges, priv string) bool {
 
 func (m *MysqlDatabase) buildDSN(password string, database string) string {
 	tlsConfig := "false"
+	allowCleartext := ""
 
 	if m.IsHttps {
 		err := mysql.RegisterTLSConfig("mysql-skip-verify", &tls.Config{
@@ -411,16 +412,18 @@ func (m *MysqlDatabase) buildDSN(password string, database string) string {
 		}
 
 		tlsConfig = "mysql-skip-verify"
+		allowCleartext = "&allowCleartextPasswords=1"
 	}
 
 	return fmt.Sprintf(
-		"%s:%s@tcp(%s:%d)/%s?parseTime=true&timeout=15s&tls=%s&charset=utf8mb4",
+		"%s:%s@tcp(%s:%d)/%s?parseTime=true&timeout=15s&tls=%s&charset=utf8mb4%s",
 		m.Username,
 		password,
 		m.Host,
 		m.Port,
 		database,
 		tlsConfig,
+		allowCleartext,
 	)
 }