Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not a Bug
-
2.5.4
-
None
-
linux connecting to linux running mysql 5.7.14
Description
Using a MySQL server with TLSv1, TLSv1.1 and TLSv1.2 enabled,
the MariaDB JDBC driver can't negotiate a TLSv1.2 connection (it fails with "Unsupported record version Unknown-0.0"),
but it can negotiate a TLSv1.1 connection.
Here is a sample program that shows all relevant information from the server and client:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

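/**
 * Diagnostic client that opens a TLS connection to the database through the
 * MariaDB JDBC driver and prints the TLS-related server variables and session
 * status, so the configured protocol list can be compared with what was
 * actually negotiated.
 *
 * <p>Usage: {@code java TestTLS <enabledSslProtocolSuites>}, for example
 * {@code java TestTLS TLSv1.2}.
 */
public class TestTLS {

    /**
     * Shape accepted for the protocol argument: comma-separated names made of
     * letters, digits and dots (e.g. {@code TLSv1.1,TLSv1.2}). The value is
     * spliced into the JDBC URL, so anything else, in particular {@code &}
     * or {@code =}, is rejected to keep it from adding or overriding other
     * connection options such as the trust-store settings.
     */
    private static final String PROTOCOL_LIST_PATTERN = "[A-Za-z0-9.]+(,[A-Za-z0-9.]+)*";

    /**
     * Connects with the requested protocol list and dumps the TLS diagnostics.
     *
     * @param args {@code args[0]} is the value for the driver's
     *     {@code enabledSslProtocolSuites} option
     * @throws IllegalArgumentException if the argument is missing or is not a
     *     plain comma-separated protocol list
     * @throws ClassNotFoundException if the MariaDB driver is not on the classpath
     * @throws SQLException if the connection (including the TLS handshake) or a
     *     query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        if (args.length < 1 || !args[0].matches(PROTOCOL_LIST_PATTERN)) {
            throw new IllegalArgumentException(
                    "usage: TestTLS <enabledSslProtocolSuites>, e.g. TLSv1.1,TLSv1.2");
        }
        String enabledSslProtocolSuites = args[0];
        Class.forName("org.mariadb.jdbc.Driver");

        // NOTE(review): the account and trust-store password are the inline test
        // values from the report. A real client should load them from protected
        // configuration and keep secrets out of the URL, which tends to end up in
        // logs and exception messages.
        String url = "jdbc:mariadb://mysql:3306/ach?useSSL=true&enabledSslProtocolSuites="
                + enabledSslProtocolSuites
                + "&trustStore=ssl/truststore&trustStorePassword=mypassword";

        try (Connection c = DriverManager.getConnection(url, "ach", "ach")) {
            // @@tls_version is the protocol list the server is configured with;
            // the Ssl_version session status printed further down is the protocol
            // this connection actually negotiated.
            String ts = null;
            try (Statement st = c.createStatement();
                    ResultSet rs = st.executeQuery("select @@tls_version")) {
                while (rs.next()) {
                    ts = rs.getString(1);
                }
            }
            System.out.println("tls_version=" + ts);

            printNameValueRows(c, "show variables like '%ssl%'");
            printNameValueRows(c, "SHOW SESSION STATUS LIKE '%ssl%'");
            printNameValueRows(c, "SHOW SESSION STATUS LIKE '%tls%'");
        }
    }

    /**
     * Runs {@code sql} and prints the first two columns of every row as
     * {@code name<TAB>value}; the statement and result set are closed on exit.
     */
    private static void printNameValueRows(Connection c, String sql) throws SQLException {
        try (Statement st = c.createStatement();
                ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                System.out.println(rs.getString(1) + "\t" + rs.getString(2));
            }
        }
    }
}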
Yielding:
tls_version=TLSv1,TLSv1.1,TLSv1.2
have_openssl YES
have_ssl YES
ssl_ca /ssl/ca.pem
ssl_capath
ssl_cert /ssl/server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key /ssl/server-key.pem
Com_show_processlist 0
Ssl_accept_renegotiates 0
Ssl_accepts 0
Ssl_callback_cache_hits 0
Ssl_cipher DHE-RSA-AES256-SHA
Ssl_cipher_list DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:AES256-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:AES128-SHA:AES256-RMD
Ssl_client_connects 0
Ssl_connect_renegotiates 0
Ssl_ctx_verify_depth 0
Ssl_ctx_verify_mode 0
Ssl_default_timeout 500
Ssl_finished_accepts 0
Ssl_finished_connects 0
Ssl_server_not_after Jan 21 19:40:39 2030 GMT
Ssl_server_not_before Mar 14 19:40:39 2020 GMT
Ssl_session_cache_hits 0
Ssl_session_cache_misses 0
Ssl_session_cache_mode Unknown
Ssl_session_cache_overflows 0
Ssl_session_cache_size 0
Ssl_session_cache_timeouts 0
Ssl_sessions_reused 0
Ssl_used_session_cache_entries 0
Ssl_verify_depth 0
Ssl_verify_mode 0
Ssl_version TLSv1.1
when run with TLSv1.1 as the enabledSslProtocolSuites argument,
and
Exception in thread "main" java.sql.SQLNonTransientConnectionException: Could not connect to mysql:3306 : Unsupported record version Unknown-0.0
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.get(ExceptionMapper.java:234)
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.getException(ExceptionMapper.java:165)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1199)
at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:560)
at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:174)
at org.mariadb.jdbc.Driver.connect(Driver.java:92)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at TestTLS.main(TestTLS.java:10)
when run with TLSv1.2 as the enabledSslProtocolSuites argument.