Problem Description:

On the test server, a Java program logged javax.net.ssl.SSLHandshakeException at startup. The cause was not obvious at first; most likely someone had upgraded MySQL or the JDK, so that the TLS protocol versions supported by JDK 8 and by MySQL no longer matched.

MySQL version: 5.7.34

JDK version: 1.8.0_292

Problem analysis:

1. TLS 1.3 is supported starting with JDK 8u261. Protocols earlier than TLS 1.2 are disabled by default in the JDK security configuration, so from JDK 8u261 only TLS 1.2 and TLS 1.3 are enabled by default. From the JDK JSSE documentation:

    The JSSE API supports the following security protocols:
    TLS: version 1.0, 1.1, 1.2, and 1.3 (since JDK 8u261)
    SSL: version 3.0

2. MySQL supports SSL as well. From the Connector/J documentation:

TLS versions: The allowable versions of TLS protocol can be restricted using the connection properties enabledTLSProtocols and, for X DevAPI connections and for release 8.0.19 and later, xdevapi.tls-versions (when xdevapi.tls-versions is not specified, it takes up the value of enabledTLSProtocols). If no such restrictions have been specified, Connector/J attempts to connect to the server with the following TLS versions:

    TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 for MySQL Community Servers 8.0, 5.7.28 and later, and 5.6.46 and later, and for all commercial versions of MySQL servers.
    TLSv1, TLSv1.1 for all other versions of MySQL servers.

Notes:

For Connector/J 8.0.26 and later: The TLSv1 and TLSv1.1 protocols have been deprecated. While connections to the server using those TLS versions can still be made with the same negotiation process as described above, for any connections established using those TLS versions, Connector/J writes to its logger the message "This connection is using TLSv1[.1] which is now deprecated and will be removed in a future release of Connector/J."

For Connector/J 8.0.18 and earlier when connecting to MySQL Community Server 5.6 and 5.7 using the JDBC API: Due to compatibility issues with MySQL Server compiled with yaSSL, Connector/J does not enable connections with TLSv1.2 and higher by default. When connecting to servers that restrict connections to use those higher TLS versions, enable them explicitly by setting the Connector/J connection property enabledTLSProtocols (e.g., set enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2).

The documentation states clearly that in 8.0.26 and later, when no protocol is specified, TLS 1.0 and TLS 1.1 are deprecated but can still be negotiated in the handshake, and the logger warns that these protocols will be removed in the future. For 8.0.18 and earlier versions, including 5.6 and 5.7, TLS 1.2 and later are not enabled by default for compatibility reasons, so MySQL 5.7 uses TLS 1.0 and TLS 1.1 by default. The JDK uses TLS 1.2 and TLS 1.3 by default. The two sides therefore have no protocol version in common, and SSLHandshakeException is reported during the handshake.

Solution:

There are three ways to resolve this problem. The first is to remove the JDK's default restriction on security protocols (removing only TLS 1.0 and TLS 1.1 from the disabled list is also enough). Using the JDK default protocols is not recommended. MySQL does not use TLS 1.2 because of compatibility issues, so you can instead specify a protocol that both sides support.

Solution 1:

On the server, enter the command:

    which java

Returns:

    /usr/bin/java

Enter:

    ls -l /usr/bin/java

Returns:

    /usr/bin/java -> /etc/alternatives/java

Enter:

    ls -l /etc/alternatives/java

Returns:

    /etc/alternatives/java -> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

Go to /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security:

    cd /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security

Edit java.security:

    sudo vim java.security

Search for SSLv3 and find the lines similar to:

    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DES, RC4, MD5withRSA,

Then comment these lines out with #:

    # Example:
    #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
    #jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    #    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    #    include jdk.disabled.namedCurves

Save and exit, then restart the Java service.

Solution 2:

Disable SSL in the database connection URL with useSSL=false:

    spring.datasource.url=jdbc:mysql://127.0.0.1:3306/database?useSSL=false

Solution 3:

Specify the TLSv1.2 protocol in the connection URL:

    spring.datasource.url=jdbc:mysql://127.0.0.1:3306/database?enabledTLSProtocols=TLSv1.2
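To check a JVM and a connection URL against the analysis above, the following added example (not code from the original post) lists the protocol versions the JVM still permits once jdk.tls.disabledAlgorithms is applied and intersects them with the URL's enabledTLSProtocols. The class name TlsOverlapCheck and the sample URL are assumptions; only the client side is checked, and the server's supported versions are not probed.

```java
import java.security.Security;
import java.util.*;
import javax.net.ssl.SSLContext;

// Added diagnostic, not from the original post. Class name and sample URL are hypothetical.
public class TlsOverlapCheck {
    // Returns the value of a JDBC URL query parameter, or null if it is absent.
    static String param(String jdbcUrl, String name) {
        int q = jdbcUrl.indexOf('?');
        if (q < 0) return null;
        for (String kv : jdbcUrl.substring(q + 1).split("&")) {
            String[] p = kv.split("=", 2);
            if (p.length == 2 && p[0].equals(name)) return p[1];
        }
        return null;
    }

    // Protocols the JSSE provider implements, minus those named in jdk.tls.disabledAlgorithms.
    static Set<String> permittedByJvm() throws Exception {
        Set<String> disabled = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop != null) for (String a : prop.split(",")) disabled.add(a.trim());
        Set<String> ok = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (String p : SSLContext.getDefault().getSupportedSSLParameters().getProtocols())
            if (!disabled.contains(p)) ok.add(p);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample URL; pass the application's real URL as the first argument.
        String url = args.length > 0 ? args[0]
                : "jdbc:mysql://127.0.0.1:3306/database?enabledTLSProtocols=TLSv1,TLSv1.1";
        Set<String> jvm = permittedByJvm();
        System.out.println("Permitted by this JVM: " + jvm);
        if ("false".equalsIgnoreCase(param(url, "useSSL"))) {
            System.out.println("useSSL=false: no TLS handshake, the connection is unencrypted");
            return;
        }
        String requested = param(url, "enabledTLSProtocols");
        if (requested == null) {
            System.out.println("enabledTLSProtocols not set: the Connector/J default list applies");
            return;
        }
        Set<String> usable = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (String p : requested.split(",")) if (jvm.contains(p.trim())) usable.add(p.trim());
        System.out.println(usable.isEmpty()
                ? "No common version: expect javax.net.ssl.SSLHandshakeException"
                : "Usable versions: " + usable);
    }
}
```

Of the three solutions, only enabledTLSProtocols=TLSv1.2 keeps the database connection encrypted without re-enabling TLS 1.0 and TLS 1.1 for every connection the JVM makes.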
