Description
Software versions
MySqlConnector version: 2.2.6
Server type (MySQL, MariaDB, Aurora, etc.) and version: Azure Database for MySQL Flexible Server 5.7
.NET version: .NET Framework 4.7.2
Describe the bug
Infrequently, a website running in an IIS App Pool gets "stuck" in a state where it can no longer make any connections to a backend server. The workaround is to recycle the app pool and restart the website. Other app pools running the same code on a different server are not affected when this happens.
Exception
Session1.10676 couldn't initialize TLS connection
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at MySqlConnector.Core.ServerSession.<InitSslAsync>d__102.MoveNext() in /_/src/MySqlConnector/Core/ServerSession.cs:line 1547
Additional context
A packet capture indicates that MySqlConnector is sending a TLS 1.1 "Client Hello". The server requires TLS 1.2 and above, so it's not surprising that the connection attempt fails.
It is a little unexpected to receive an SSPI exception, instead of an exception message like the one from #1132:
MySqlConnector.MySqlException (0x80004005): The server doesn't support the client's specified TLS versions.
---> System.ComponentModel.Win32Exception (0x80090331): The client and server cannot communicate, because they do not possess a common algorithm.
However, it seems very probable that a wrong TLS version is the cause of the problem, even though the exception message doesn't clearly state that.
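
A check for the condition seen in the packet capture above, as an added example that is not part of the original report or of MySqlConnector: it parses a captured ClientHello record and returns the TLS versions the client offers, covering the supported_versions extension used by TLS 1.3 clients as well as the legacy client_version field seen here. The function names and the two sample records are constructed for illustration; the default minimum of TLS 1.2 is the server requirement stated in the report.

```python
import struct

TLS_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
             0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def offered_versions(record: bytes) -> list:
    """Return the TLS versions a ClientHello record offers, highest first."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        legacy = int.from_bytes(body[0:2], "big")   # client_version field
        pos = 2 + 32                                 # skip version + random
        pos += 1 + body[pos]                         # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                         # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    versions = []
    if pos + 2 <= len(body):                         # extensions are optional
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and data:              # supported_versions
                versions = [int.from_bytes(data[i:i + 2], "big")
                            for i in range(1, 1 + data[0], 2)]
            pos += 4 + ext_len
    # Keep known versions only (drops GREASE placeholders); without the
    # extension, client_version is the highest version the client offers.
    known = sorted((v for v in versions if v in TLS_NAMES), reverse=True)
    return known or [legacy]

def meets_minimum(record: bytes, server_min: int = 0x0303) -> bool:
    """True if the client offers at least the server's minimum version."""
    return offered_versions(record)[0] >= server_min

# Constructed sample records (zeroed random, one cipher suite), not from the
# capture in the report: a TLS 1.1 hello and one advertising TLS 1.3 + 1.2.
_COMMON = "00" * 32 + "00" "0002002f" "0100"
SAMPLE_TLS11 = bytes.fromhex("160301002d" "01000029" "0302" + _COMMON)
SAMPLE_TLS13 = bytes.fromhex("1603010038" "01000034" "0303" + _COMMON
                             + "0009" "002b0005" "04" "03040303")

if __name__ == "__main__":
    for name, rec in (("TLS11", SAMPLE_TLS11), ("TLS13", SAMPLE_TLS13)):
        top = offered_versions(rec)[0]
        print(name, TLS_NAMES.get(top, hex(top)),
              "ok" if meets_minimum(rec) else "below server minimum")
```

To use it on a real capture, pass the raw bytes of the first TLS record the client sends (the payload starting at byte `0x16`).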