10

I have a LXC CentOS 7 host running WildFly 21.0.2. The application server connects to a MariaDB 10.4.18 database using a two-way TLS connection (mutual authentication) and the MySQL Connector/J 5.1.47 JDBC driver. It worked fine until the upgrade from Java 8u282 to Java 8u292 that happened yesterday. The connection now fails with these errors:

IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

My first thought is that Java 8u292 deprecated the protocol or the cipher suite that was used to establish the connection by MySQL Connector/J 5.1.47 JDBC driver.

David Le Borgne
  • 801
  • 2
  • 9
  • 23

1 Answers1

13

The Consolidated Release Notes for JDK 8 and JDK 8 Update Releases, indicates that TLS 1.0 and TLS 1.1 have been disabled in Java 8u292 and my goal was since to force the connection to use TLS 1.2.

I tried upgrading the JDBC drivers to MySQL Connector/J 5.1.49, which is the latest version at this time, but nothing improved.

Finally, the enabledTLSProtocols seemed the best option and connection was successfully established by the application server after adding enabledTLSProtocols=TLSv1.2 in the connection URL.

David Le Borgne
  • 801
  • 2
  • 9
  • 23