[CONJ-639] enabledSslProtocolSuites does not include TLSv1.2 by default
Created: 2018-08-28  Updated: 2020-12-10  Resolved: 2018-09-03

Status: Closed
Project: MariaDB Connector/J
Component/s: configuration
Affects Version/s: 2.2.1
Fix Version/s: 2.3.0, 1.7.6

Type: Bug
Priority: Minor
Reporter: Art O Cathain
Assignee: Diego Dupin
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Relates
relates to CONJ-848 Pool correction for java 7 connection... Closed

 Description   

It is strange and inconvenient that enabledSslProtocolSuites is set to "TLSv1, TLSv1.1" by default. These versions of TLS are being deprecated in favour of TLSv1.2.

If you're not familiar with the driver's configuration options, it can take a while to figure out why you can't connect to a database that is enforcing v1.2.

Ideally the default value would be "TLSv1, TLSv1.1, TLSv1.2".



 Comments   
Comment by Diego Dupin [ 2018-08-28 ]

This was initially because of MDEV-12190: a server built with yaSSL didn't handle the version in the hello packet well when using TLSv1.2 (no problem when using OpenSSL).
This is now corrected on the MariaDB server side for all versions.

I agree that this limitation must now be removed from the connector.
