0

While connecting to Cloudsql DB via auth proxy from java application I am getting below error. Caused by: java.sql.SQLException: SSL connection required for plugin "mysql_clear_password". Check if 'sslMode' is enabled.

Not able to get through mysql docs the correct value to be set.

Has anyone faced similar issue ?

Below is the code for reference:

        String jdbcURL = String.format("jdbc:mysql://127.0.0.1:3306/%s", DB_NAME);
        Properties connProps = new Properties();
        connProps.setProperty("user", DB_USER);
        connProps.setProperty("password", DB_PASSWORD);
        connProps.setProperty("cloudSqlInstance", CONNECTION_NAME);
        connProps.setProperty("authenticationPlugins ", "com.mysql.jdbc.authentication.MysqlClearPasswordPlugin");
        HikariConfig config = new HikariConfig();
        config.setJdbcUrl(jdbcURL);
mayank agarwal
  • 33
  • 6
  • Is there a reason why you're not using the Java connector directly? It provides all the benefits of the proxy, but is in-process. See https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/blob/main/docs/jdbc-mysql.md. – enocom Feb 01 '22 at 17:18

2 Answers2

0

Try adding below to JDBC connection string

?allowPublicKeyRetrieval=true&useSSL=true&verifyServerCertificate=false&clientCertificateKeyStoreUrl=file:/path/to/keystore&clientCertificateKeyStorePassword=<pwd>
jmoerdyk
  • 5,544
  • 7
  • 38
  • 49
Shubham Nigam
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Sep 26 '22 at 11:35
-2

In this documentation, you can find how to modify MySQL accounts. You can use an ALTER USER statement to enable authentication, SSL/TLS, resource-limit, and password-management properties for existing accounts.

EDIT:

Additionally, since you cannot change anything on the DB/server side, you could try to pass sslMode="REQUIRED" flag along with JDBC connection.

Mabel A.
  • 1,775
  • 4
  • 14
  • I have already followed above steps & documents :/ @Mabel A. – mayank agarwal Feb 01 '22 at 03:46
  • @mayankagarwal have you checked this [documentation](https://dev.mysql.com/doc/refman/5.7/en/alter-user.html)? Most likely, if server isn't configured to use `mysql_clear_password` as a default, the user you're trying to connect with is created using `IDENTIFIED WITH` `mysql_clear_password` clause. Please check and alter user using appropriate plugin. – Mabel A. Feb 01 '22 at 03:59
  • Yes I saw the doc. I can not change anything on the DB/server side. Is there a way to override the plugin settings on the client-side ? I am trying to override the defaultAuthNPlugin as shown here https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-authentication.html#cj-conn-prop_authenticationPlugins but seems not working. @Mabel A. – mayank agarwal Feb 01 '22 at 11:56
  • @mayankagarwal have you tried to pass [sslMode](https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html)="REQUIRED" flag along with JDBC connection? – Mabel A. Feb 02 '22 at 05:59