This is a compatibility issue between Java and the MySQL JDBC driverĬhoose the most appropriate solution from below for your situation : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)Īt java.base/.(HandshakeContext.java:170)Īt java.base/.(ClientHandshakeContext.java:98) (HANDSHAKE_FAILURE): Couldn't kickstart handshaking ( In your case you will see something like. Note: if you want to get more low level insights from the JDK to debug your problem you can enable ssl debug logs by passing the following configuration to the java comand: There are reasons why those protocols were disabled and one should not simply remove everything or even just parts from that list.
WARNING: please be aware that solutions suggesting editing inside of jre/lib/security pose a security risk to your application and changing anything there might have severe implications! Servers that restrict connections to use those higher TLS versions,Įnable them explicitly by setting the Connector/J connection propertyĮnabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2). With MySQL Server compiled with yaSSL, Connector/J does not enableĬonnections with TLSv1.2 and higher by default. Server 5.6 and 5.7 using the JDBC API: Due to compatibility issues Therefore, one has to enable it explicitly.įor Connector/J 8.0.18 and earlier when connecting to MySQL Community For compatibility reasons Connector/J does not enable TLSv1.2 and higher by default. Why don't the JDK and MySQL just agree on using TLSv1.2?Īlthough both parties do actually support TLSv1.2, the problem you were experiencing is introduced by the default behavior of Connector/J. However, the original name remains as an alias. Note: I don't think changing the curity file as suggested in the other thread is a good long term solution to this problem!Īs already commented you will need to add the enabledTLSProtocols=TLSv1.2 configuration property in the connection string to resolve your issue.Ī complete connection string for Connector/J could look like this: jdbc:mysql://:/?enabledTLSProtocols=TLSv1.2įor r2dbc you will need to use tlsVersion=TLSv1.2 instead.įor Connector/J v8.0.28 enabledTLSProtocols was renamed to tlsVersions (see note). So then the question is, why don't the JDK and MySQL just agree on using TLSv1.2 and what can we do about it, to make them communicate with TLSv1.2? Also when running SHOW VARIABLES LIKE 'tls_version' we get TLSv1,TLSv1.1,TLSv1.2 which suggest that TLSv1.2 is supported. Now in my understanding as described here, MySQL 5.7 supports TLSv1.2.
! : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Download mysql server 5.6.46 for mac update#
In that thread there are also more answers popping up the last few days since the updated JDK version.Īfter this update of the JDK, we received the error : An attempt by a client to checkout a Connection has timed out.Īfter switching to hikari we got a more meaningful error: ERROR .HikariPool: HikariPool-1 - Exception during pool initialization. Which is also discussed in this SO post: SSLHandShakeException No Appropriate Protocol. This is evident by the diff in the curity file:īefore: =SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ĮC keySize < 224, 3DES_EDE_CBC, anon, NULL, \Īfter: =SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ĭH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ In the latest update to the JDK in April 2021 ( 11.0.11+9-0ubuntu2~18.04) support for TLSv1 and TLSv1.1 was dropped, presumably because since March 2021 those versions are no longer supported.
0 kommentar(er)
