Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-1285

RSA public key is not available client side

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Blocker
    • Resolution: Unresolved
    • 3.4.0, 3.5.6
    • None
    • MySQL compatibility
    • None

    Description

      Hello,

      I am encountering an issue when using the MariaDB Java connector with a MySQL database. Here are the details:

      Context:
      I am using a MySQL database with the MariaDB Java connector. When attempting to establish a connection, I encounter the following error: 

        [ERROR] [com.zaxxer.hikari.pool.HikariPool] [main] : Exception during pool initialization.
      		 
        java.sql.SQLException: RSA public key is not available client side (option serverRsaPublicKeyFile not set)
      		 
                at org.mariadb.jdbc.plugin.authentication.standard.CachingSha2PasswordPlugin.process(CachingSha2PasswordPlugin.java:221)
      		 
                at org.mariadb.jdbc.client.impl.StandardClient.authenticationHandler(StandardClient.java:295)

      Error Description:
      The error indicates that the MariaDB JDBC driver is attempting to use the `caching_sha2_password` authentication plugin, but it cannot find the RSA public key required for secure password exchange. This is likely due to a misconfiguration in the database connection settings.

      With the deprecated `native_password` authentication plugin, this error did not occur. However, since `native_password` is deprecated, the driver defaults to `caching_sha2_password`, which introduces this issue.

      Expected Behavior:
      With the MySQL connector, this error does not occur, and no specific configuration is required to establish the connection. I expected similar behavior with the MariaDB connector.

      Observed Behavior:
      With the MariaDB connector, it seems that the `serverRsaPublicKeyFile` option is required to establish the connection, which results in an error if it is not configured.

      Workaround Attempted:
      I have read that it is possible to use the following parameters in the connection URL to bypass this issue: 

        useSSL=false&allowPublicKeyRetrieval=true

      However, this solution is discouraged for security reasons, as it may introduce potential vulnerabilities. I am therefore looking for a secure alternative to resolve this issue.

      Additional Constraints:
      Setting up certificates is technically possible, but is not realistic for all of our existing users without a cumbersome process. Therefore, I need to provide a solution that works out of the box without requiring additional configuration or manual setup.

      Questions:

      • Is this a bug or expected behavior of the MariaDB connector?
      • Is there a configuration or option that allows for behavior similar to the MySQL connector, where this setup is not required?
      • If this behavior is expected, could you provide recommendations for securely configuring the MariaDB connector in this use case?

      Additional Information:

      • MariaDB Connector Version: mariadb-java-client 3.4.0
      • Java Version: openjdk version "17.0.16" 2025-07-15 LTS
      • MySQL Version: mysql Ver 8.0.43 for Linux on x86_64 (Source distribution)

      Thank you in advance for your assistance and clarification.

      Best regards,

      Attachments

        Activity

          People

            diego dupin Diego Dupin
            Centreon Greg
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.