Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-773

Can't create TLSv.1.2 connection to mysql 5.7.14

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: 2.5.4
    • Fix Version/s: N/A
    • Component/s: MySQL compatibility
    • Labels:
      None
    • Environment:
      linux connecting to linux running mysql 5.7.14

      Description

      Using mysql server with tls versions 1,1.1,and 1.2 enabled,
      mariadb can't negotiate a TLSv1.2 connection, (getting Unsupported record version Unknown-0.0)
      but it can negotiate a TLSv1.1 connection.
      Here is a sample program that shows all relevant information from the server and client:

      import java.sql.Connection;
      import java.sql.DriverManager;
      import java.sql.ResultSet;
      import java.sql.SQLException;
       
      public class TestTLS {
          public static void main(String[] args) throws ClassNotFoundException, SQLException {
              String enabledSslProtocolSuites = args[0];
              Class.forName("org.mariadb.jdbc.Driver");
              try(Connection c = DriverManager.getConnection("jdbc:mariadb://mysql:3306/ach?useSSL=true&enabledSslProtocolSuites="+enabledSslProtocolSuites+"&trustStore=ssl/truststore&trustStorePassword=mypassword","ach","ach")) {
                  ResultSet rs = c.createStatement().executeQuery("select @@tls_version");
                  String ts = null;
                  while(rs.next()) {
                      ts = rs.getString(1);
                  }
                  System.out.println("tls_version="+ts);
                  rs = c.createStatement().executeQuery("show variables like '%ssl%'");
                  while(rs.next()) {
                      System.out.println(rs.getString(1)+"\t"+rs.getString(2));
                  }
                  rs = c.createStatement().executeQuery("SHOW SESSION STATUS LIKE '%ssl%'");
                  while(rs.next()) {
                      System.out.println(rs.getString(1)+"\t"+rs.getString(2));
                  }
                  rs = c.createStatement().executeQuery("SHOW SESSION STATUS LIKE '%tls%'");
                  while(rs.next()) {
                      System.out.println(rs.getString(1)+"\t"+rs.getString(2));
                  }
              }
          }
      }
      

      Yielding:
      tls_version=TLSv1,TLSv1.1,TLSv1.2
      have_openssl YES
      have_ssl YES
      ssl_ca /ssl/ca.pem
      ssl_capath
      ssl_cert /ssl/server-cert.pem
      ssl_cipher
      ssl_crl
      ssl_crlpath
      ssl_key /ssl/server-key.pem
      Com_show_processlist 0
      Ssl_accept_renegotiates 0
      Ssl_accepts 0
      Ssl_callback_cache_hits 0
      Ssl_cipher DHE-RSA-AES256-SHA
      Ssl_cipher_list DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:AES256-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:AES128-SHA:AES256-RMD
      Ssl_client_connects 0
      Ssl_connect_renegotiates 0
      Ssl_ctx_verify_depth 0
      Ssl_ctx_verify_mode 0
      Ssl_default_timeout 500
      Ssl_finished_accepts 0
      Ssl_finished_connects 0
      Ssl_server_not_after Jan 21 19:40:39 2030 GMT
      Ssl_server_not_before Mar 14 19:40:39 2020 GMT
      Ssl_session_cache_hits 0
      Ssl_session_cache_misses 0
      Ssl_session_cache_mode Unknown
      Ssl_session_cache_overflows 0
      Ssl_session_cache_size 0
      Ssl_session_cache_timeouts 0
      Ssl_sessions_reused 0
      Ssl_used_session_cache_entries 0
      Ssl_verify_depth 0
      Ssl_verify_mode 0
      Ssl_version TLSv1.1
      with TLSv1.1

      and
      Exception in thread "main" java.sql.SQLNonTransientConnectionException: Could not connect to mysql:3306 : Unsupported record version Unknown-0.0
      at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.get(ExceptionMapper.java:234)
      at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.getException(ExceptionMapper.java:165)
      at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1199)
      at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:560)
      at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:174)
      at org.mariadb.jdbc.Driver.connect(Driver.java:92)
      at java.sql.DriverManager.getConnection(DriverManager.java:664)
      at java.sql.DriverManager.getConnection(DriverManager.java:247)
      at TestTLS.main(TestTLS.java:10)

      with TLSv1.2

        Attachments

          Activity

            People

            Assignee:
            diego dupin Diego Dupin
            Reporter:
            goffster Eric Goff
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.