Question

I am trying to write a Python script that connects to MySQL using SSL. I have tested the sample code in [1] ("Connecting through SSL" section), and it works correctly.

However, when I use Wireshark to capture the packets sent, I did not find TLSv1 protocol packets, but only TCP packets.

I am expecting TLSv1 packets, because when I tested the HTTPS of nginx, Wireshark does capture TLSv1 packets.

Could you please tell me why I cannot capture TLSv1 packets during a MySQL session, even if SSL was turned on?

Thank you!

References:

[1] http://dev.mysql.com/doc/connector-python/en/connector-python-connectargs.html


Solution

HTTPS is a protocol that relies on the SSL/TLS connection being established from the start of the TCP connection ("implicit" SSL/TLS). All the HTTP traffic is exchanged over SSL/TLS, and it's done on a distinct port, so Wireshark knows that it's expected to decode it as SSL/TLS first.

The MySQL protocol isn't (it's "explicit" SSL/TLS): the communication starts in plain text and is then upgraded to SSL/TLS. (More details about these two modes in general here and here.)

If you look at the MySQL network protocol documentation, the server still sends its initial handshake message first in both plain and SSL/TLS connections ("Server Greeting" that you see in your capture). There is also a more detailed example in the SSL section of the MySQL internals documentation.

In some cases, Wireshark might not be able to guess that SSL/TLS has been used, when it's part of another protocol's communication on the same port. You can try to force it to decode the traffic as SSL/TLS by right-clicking on the packet and choosing "Decode As..." (then SSL).

This should at least explain the different behaviour between HTTPS and MySQL, regarding what you see with Wireshark.

Considering your specific example in this screenshot, it's hard to say which one is the client and which one is the server, since you're communicating from localhost to localhost (it would be more visible if you chose to display the source and destination ports).

I haven't tried myself, but it seems reasonable to assume that "Login Request user=" comes from the client and isn't done over SSL/TLS, which would seem to indicate that this particular connection doesn't use SSL/TLS. (I'm not familiar with the details of the MySQL network protocol, so you could try to decode the traffic as SSL in Wireshark to see what happens. It's also difficult to answer any further without more details about your settings, both on client and server.)
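As an added example (not part of the original answer), the same check can be made on the raw bytes of a capture: in the MySQL client/server protocol (4.1 and later), the client's reply to the Server Greeting is either a 32-byte SSLRequest with the `CLIENT_SSL` capability bit set, after which the TLS handshake starts, or a plaintext login carrying the user name. The function names and the two sample packets are constructed for illustration.

```python
import struct

CLIENT_PROTOCOL_41 = 0x00000200  # 4.1+ handshake layout
CLIENT_SSL = 0x00000800          # client asks to switch the connection to TLS


def split_packet(data):
    """Return (sequence_id, payload) of the first MySQL packet in data."""
    if len(data) < 4:
        raise ValueError("truncated MySQL packet header")
    length = int.from_bytes(data[:3], "little")  # 3-byte little-endian length
    payload = data[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated MySQL packet payload")
    return data[3], payload


def classify_client_reply(data):
    """Classify the client's first packet (its reply to the Server Greeting)."""
    seq, payload = split_packet(data)
    if seq != 1 or len(payload) < 32:
        return "unsupported"  # not the handshake reply, or a pre-4.1 layout
    # Fixed part: capabilities (4), max packet size (4), charset (1), filler (23)
    caps, _max_packet, _charset = struct.unpack_from("<IIB", payload, 0)
    if not caps & CLIENT_PROTOCOL_41:
        return "unsupported"
    if caps & CLIENT_SSL and len(payload) == 32:
        return "ssl-request"  # everything after this packet should be TLS
    # Otherwise the user name follows in the clear, as in "Login Request user="
    user = payload[32:].split(b"\x00", 1)[0].decode("latin-1")
    return "cleartext-login user=" + user


def make_packet(seq, payload):
    """Frame a payload as a MySQL packet (used only to build the samples)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def fixed_part(caps):
    return struct.pack("<IIB", caps, 1 << 24, 33) + bytes(23)


# Constructed sample packets, not taken from the capture in the question.
SSL_REQUEST = make_packet(1, fixed_part(CLIENT_PROTOCOL_41 | CLIENT_SSL))
PLAIN_LOGIN = make_packet(1, fixed_part(CLIENT_PROTOCOL_41) + b"appuser\x00\x00")

if __name__ == "__main__":
    for name, pkt in (("SSL_REQUEST", SSL_REQUEST), ("PLAIN_LOGIN", PLAIN_LOGIN)):
        print(name, "->", classify_client_reply(pkt))
```

To apply it to real traffic, pass the TCP payload of the first client-to-server segment that follows the Server Greeting.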

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow