diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h
index e5fd954a4..f72416491 100644
--- a/server/modules/include/mysql_client_server_protocol.h
+++ b/server/modules/include/mysql_client_server_protocol.h
@@ -91,6 +91,10 @@
 #define COM_QUIT_PACKET_SIZE (4+1)
 struct dcb;
+#define MYSQL_FAILED_AUTH 1
+#define MYSQL_FAILED_AUTH_DB 2
+#define MYSQL_FAILED_AUTH_SSL 3
+
 typedef enum {
 MYSQL_ALLOC,
 MYSQL_PENDING_CONNECT,
diff --git a/server/modules/protocol/mysql_backend.c b/server/modules/protocol/mysql_backend.c
index ba5786851..d000474ab 100644
--- a/server/modules/protocol/mysql_backend.c
+++ b/server/modules/protocol/mysql_backend.c
@@ -72,7 +72,7 @@ static void backend_set_delayqueue(DCB *dcb, GWBUF *queue);
 static int gw_change_user(DCB *backend_dcb, SERVER *server, SESSION *in_session, GWBUF *queue);
 static GWBUF* process_response_data (DCB* dcb, GWBUF* readbuf, int nbytes_to_process);
 extern char* create_auth_failed_msg( GWBUF* readbuf, char* hostaddr, uint8_t* sha1);
-extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db);
+extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
 static bool sescmd_response_complete(DCB* dcb);
@@ -1433,7 +1433,7 @@ static int gw_change_user(
 message = create_auth_fail_str(username,
 backend->session->client->remote,
 password_set,
- "");
+ "",auth_ret);
 if (message == NULL) {
 LOGIF(LE, (skygw_log_write_flush(
diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c
index b930d8c77..6aeadd180 100644
--- a/server/modules/protocol/mysql_client.c
+++ b/server/modules/protocol/mysql_client.c
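Review bot: The prototype of create_auth_fail_str is redeclared by hand with `extern` in mysql_backend.c and again in mysql_client.c, so this signature change had to be repeated in each file and the compiler cannot check either copy against the definition in mysql_common.c. A copy that is missed would still compile and would call the function with the wrong argument list, which is undefined behaviour in a path that formats client-supplied fields. Declaring it once in mysql_client_server_protocol.h next to the new MYSQL_FAILED_AUTH_* codes, with the parameter named, `char *create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db, int errcode);`, would let both files drop their local copy, assuming mysql_backend.c includes that header as mysql_client.c must for the new codes.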
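Review bot: In gw_change_user, `auth_ret` is passed as the new `errcode` argument, but the call that sets it is outside the hunk, so it is not visible whether its values come from the MYSQL_FAILED_AUTH_* set. If it is the result of a different check, a value of 3 would select the "Access without SSL denied" text for a failed change-user request. Passing an explicit code at this call, for example `"", MYSQL_FAILED_AUTH);`, or a comment stating that auth_ret uses these codes, would remove the doubt. The body of gw_change_user continues outside the hunk.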
@@ -78,7 +78,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue);
 static int route_by_statement(SESSION *, GWBUF **);
 extern char* get_username_from_auth(char* ptr, uint8_t* data);
 extern int check_db_name_after_auth(DCB *, char *, int);
-extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db);
+extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int);
 int do_ssl_accept(MySQLProtocol* protocol);
@@ -450,7 +450,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
 /* Detect now if there are enough bytes to continue */
 if (client_auth_packet_size < (4 + 4 + 4 + 1 + 23)) {
- return 1;
+ return MYSQL_FAILED_AUTH;
 }
 memcpy(&protocol->client_capabilities, client_auth_packet + 4, 4);
@@ -476,7 +476,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
 protocol->owner_dcb->user,
 protocol->owner_dcb->remote,
 protocol->owner_dcb->service->name)));
- return 1;
+ return MYSQL_FAILED_AUTH_SSL;
 }
 if(LOG_IS_ENABLED(LT) && ssl)
@@ -495,7 +495,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
 if(do_ssl_accept(protocol) < 0) {
- return 1;
+ return MYSQL_FAILED_AUTH;
 } else {
@@ -509,7 +509,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) {
 if (username == NULL) {
- return 1;
+ return MYSQL_FAILED_AUTH;
 }
 /* get charset */
@@ -902,7 +902,7 @@ int gw_read_client_event(
 fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
 dcb->remote,
 (char*)((MYSQL_session *)dcb->data)->client_sha1,
- (char*)((MYSQL_session *)dcb->data)->db);
+ (char*)((MYSQL_session *)dcb->data)->db,auth_val);
 modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str);
 }
 if (fail_str)
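Review bot: A failed `do_ssl_accept()` returns `MYSQL_FAILED_AUTH`, the same code as a truncated packet (hunk at line 450) and a missing username (hunk at line 509), so the caller answers all three with the generic "Access denied for user" text. On these paths the username has not been extracted yet, while the caller in gw_read_client_event formats `user`, `client_sha1` and `db` from `dcb->data`. Whether those fields are initialised this early is not visible here and should be confirmed. A short comment on each return saying why the generic code is used, or a separate code for handshake and malformed-packet failures, would make the failure reason distinguishable to the caller. The function body continues outside these hunks.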
@@ -996,14 +996,21 @@ int gw_read_client_event(
 snprintf(fail_str, message_len, "Unknown database '%s'", (char*)((MYSQL_session *)dcb->data)->db);
- modutil_send_mysql_err_packet(dcb, 2, 0, 1049, "42000", fail_str);
- } else {
+ modutil_send_mysql_err_packet(dcb, 3, 0, 1049, "42000", fail_str);
+ }else if(auth_val == 3){
 /** Send error 1045 to client */
 fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
 dcb->remote,
 (char*)((MYSQL_session *)dcb->data)->client_sha1,
- (char*)((MYSQL_session *)dcb->data)->db);
- modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str);
+ (char*)((MYSQL_session *)dcb->data)->db,auth_val);
+ modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
+ }else {
+ /** Send error 1045 to client */
+ fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user,
+ dcb->remote,
+ (char*)((MYSQL_session *)dcb->data)->client_sha1,
+ (char*)((MYSQL_session *)dcb->data)->db,auth_val);
+ modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str);
 }
 if (fail_str)
 free(fail_str);
diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c
index 56988dc9a..0a1d2195b 100644
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@@ -2199,7 +2199,8 @@ char *create_auth_fail_str(
 char *username,
 char *hostaddr,
 char *sha1,
- char *db)
+ char *db,
+ int errcode)
 {
 char* errstr;
 const char* ferrstr;
@@ -2214,6 +2215,10 @@ char *create_auth_fail_str(
 {
 ferrstr = "Access denied for user '%s'@'%s' (using password: %s) to database '%s'";
 }
+ else if(errcode == MYSQL_FAILED_AUTH_SSL)
+ {
+ ferrstr = "Access without SSL denied";
+ }
 else {
 ferrstr = "Access denied for user '%s'@'%s' (using password: %s)";
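Review bot: The new `else if(auth_val == 3)` branch in gw_read_client_event has the same body as the final `else`, so it changes nothing, and it tests the literal 3 rather than `MYSQL_FAILED_AUTH_SSL` from the header. The branch can be dropped, since create_auth_fail_str already receives `auth_val` and picks the SSL text itself; if it is kept for a later change it should read `else if (auth_val == MYSQL_FAILED_AUTH_SSL)`. The sequence number passed to modutil_send_mysql_err_packet also changes from 2 to 3 in this hunk while the call in the hunk at line 902 still passes 2. A comment at each site stating which packet sequence the client expects there would show whether that difference is intended. The enclosing if/else chain starts outside the hunk.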
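Review bot: In create_auth_fail_str the `errcode == MYSQL_FAILED_AUTH_SSL` test is an `else if` behind the branch that picks the "to database '%s'" format, and the same order is repeated in the hunk at line 2233. The condition of that first branch is outside the hunk; if it depends only on `db`, an SSL rejection for a client that named a database gets the database message instead of "Access without SSL denied". Testing the code first in both places, `if (errcode == MYSQL_FAILED_AUTH_SSL)`, would make the result independent of `db`. The new `errcode` parameter also has no comment saying which MYSQL_FAILED_AUTH_* values it accepts, for example `/* errcode: one of MYSQL_FAILED_AUTH, MYSQL_FAILED_AUTH_DB, MYSQL_FAILED_AUTH_SSL */`.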
@@ -2233,6 +2238,10 @@ char *create_auth_fail_str(
 {
 sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db);
 }
+ else if(errcode == MYSQL_FAILED_AUTH_SSL)
+ {
+ sprintf(errstr, ferrstr);
+ }
 else {
 sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"));
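Review bot: `sprintf(errstr, ferrstr);` passes a variable as the format string with no arguments, which is correct only while that string contains no `%` and is reported by compilers under -Wformat-security. `strcpy(errstr, ferrstr);` states the intent directly. The two neighbouring branches still use unbounded `sprintf` to write the client-supplied username and database into a buffer whose size is computed outside the hunk. Using `snprintf` with the allocated size there would keep any mismatch between that computation and the chosen format from overrunning errstr. The function body starts and ends outside the hunk.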