1) Download any source distribution from 5.0.23 onwards (5.0.22 and below is - contrary to my earlier posting - not affected) to both machines. 2) Compile and install on both machines with the following commands: "./configure --prefix=/usr/local/mysql --with-pthread --with-unix-socket-path=/var/run/mysql/mysql.sock --with-mysqld-user=mysql --with-openssl --with-openssl-includes=/usr/local/include --with-openssl-libs=/usr/local/lib --without-bench --without-debug" "make" "make install" (Obviously the paths depend on your file system layout. BTW: The bug appears independently of the pthread setting) 3) On designated master: Add the following lines to my.cnf: server-id=1 log-bin ssl=1 ssl-ca = /usr/local/ssl/ca.crt ssl-cert = /usr/local/ssl/master.crt ssl-key = /usr/local/ssl/master.key (The paths, again, depend on where your CA trust chain, server certificate and private key reside.) 4) Start the master server. Configure it, create a database with some data. Then create the replica user and grant him the required privileges: "grant replication slave, replication client on *.* to 'replssl'@'' require ssl;" run "flush privileges"; run "flush tables with read lock"; (don't log out of the console) log onto the master server on a second console, copy (eg. with tar/scp) the contents of the mysql data_dir into the data_dir on the slave server. run "show master status" and record the values for "File" and "Position"; run "unlock tables"; 5) On the designated slave: Add the following lines to my.cnf: [mysqld] skip-slave-start server-id=2 ssl=1 ssl-ca = /usr/local/ssl/ca.crt ssl-cert = /usr/local/ssl/slave.crt ssl-key = /usr/local/ssl/slave.key master-ssl=1 master-ssl-ca = /usr/local/ssl/ca.crt master-ssl-cert = /usr/local/ssl/slave.crt master-ssl-key = /usr/local/ssl/slave.key Start the slave server (will use the databases copied over from the master). Connect to the slave server and start the replication thread: "change master to master_host=, master_user='replssl', master_password='', master_log_file='', master_log_pos=;" start slave; Now, the slave's error log should report a successful connection along the lines: "061230 7:27:20 [Note] Slave SQL thread initialized, starting replication in log 'master- bin.000009' at position 56925, relay log './slave-relay-bin.000001' position: 4 061230 7:27:20 [Note] Slave I/O thread: connected to master 'replssl@master:3306', replication started in log 'master-bin.000009' at position 56925" You can see the connection parameters on the slave by running "show slave status". When modifying any record on the master, the change will show immediately on the slave. 6) On the slave: run "stop slave"; The I/O thread will hang. A "show processlist" on the master will still show the slave thread connected: "| 20146 | replssl | slave:40925 | NULL | Binlog Dump | 412 | Has sent all binlog to slave; waiting for binlog to be updated | NULL". The slave will hang until a write operation on the master occurs, e.g. "flush logs".