|
With a MySQL server that has TLS versions 1, 1.1, and 1.2 enabled,
the MariaDB JDBC driver can't negotiate a TLSv1.2 connection (it fails with "Unsupported record version Unknown-0.0"),
but it can negotiate a TLSv1.1 connection.
Here is a sample program that shows all relevant information from the server and client:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
|
|
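/**
 * Reproduction program for a TLS negotiation problem between the MariaDB JDBC
 * driver and a server.
 *
 * <p>It connects with the protocol list given on the command line, then prints
 * the server's {@code @@tls_version}, the server variables matching
 * {@code %ssl%}, and the session status entries matching {@code %ssl%} and
 * {@code %tls%} (for example {@code Ssl_version} and {@code Ssl_cipher}), so
 * the protocol and cipher that were actually negotiated can be compared with
 * what was requested.
 *
 * <p>Review notes: the host, schema, user, password and trust-store password
 * below are the sample values of this reproduction and are hard-coded; real
 * deployments should load them from configuration that is kept out of source
 * control. TLSv1 and TLSv1.1 are deprecated (RFC 8996), so a connection that
 * only succeeds with TLSv1.1 is a diagnostic result, not a configuration to
 * keep.
 */
public class TestTLS {

    /**
     * Connects with the requested TLS protocol list and dumps the TLS-related
     * server variables and session status.
     *
     * @param args {@code args[0]} is the value passed as the driver's
     *             {@code enabledSslProtocolSuites} option, e.g. {@code TLSv1.2}
     * @throws ClassNotFoundException if the MariaDB JDBC driver class is not on the class path
     * @throws SQLException if the connection or one of the queries fails
     * @throws IllegalArgumentException if no protocol list is given
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // Fail with a usage message instead of an ArrayIndexOutOfBoundsException.
        if (args.length < 1) {
            throw new IllegalArgumentException(
                    "usage: TestTLS <enabledSslProtocolSuites>, e.g. TLSv1.2");
        }
        String enabledSslProtocolSuites = args[0];

        Class.forName("org.mariadb.jdbc.Driver");

        // The argument is appended to the URL as-is (no escaping); that is
        // acceptable only because it comes from the operator's own command line.
        String url = "jdbc:mariadb://mysql:3306/ach?useSSL=true&enabledSslProtocolSuites="
                + enabledSslProtocolSuites
                + "&trustStore=ssl/truststore&trustStorePassword=mypassword";

        try (Connection c = DriverManager.getConnection(url, "ach", "ach")) {
            // TLS versions the server is configured to accept.
            String ts = null;
            try (Statement st = c.createStatement();
                    ResultSet rs = st.executeQuery("select @@tls_version")) {
                while (rs.next()) {
                    ts = rs.getString(1);
                }
            }
            System.out.println("tls_version=" + ts);

            // Server-side SSL configuration, then what this session negotiated.
            printNameValueRows(c, "show variables like '%ssl%'");
            printNameValueRows(c, "SHOW SESSION STATUS LIKE '%ssl%'");
            printNameValueRows(c, "SHOW SESSION STATUS LIKE '%tls%'");
        }
    }

    /**
     * Runs a query and prints the first two columns of every row, separated by a tab.
     *
     * <p>Only called with the fixed statements above; it executes {@code query}
     * verbatim and must not be given text built from untrusted input.
     *
     * @param c open connection to run the query on
     * @param query statement whose rows have at least two columns
     * @throws SQLException if the query fails
     */
    private static void printNameValueRows(Connection c, String query) throws SQLException {
        // Close each Statement/ResultSet promptly rather than leaking them
        // until the connection is closed.
        try (Statement st = c.createStatement();
                ResultSet rs = st.executeQuery(query)) {
            while (rs.next()) {
                System.out.println(rs.getString(1) + "\t" + rs.getString(2));
            }
        }
    }
}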
|
Yielding:
tls_version=TLSv1,TLSv1.1,TLSv1.2
have_openssl YES
have_ssl YES
ssl_ca /ssl/ca.pem
ssl_capath
ssl_cert /ssl/server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key /ssl/server-key.pem
Com_show_processlist 0
Ssl_accept_renegotiates 0
Ssl_accepts 0
Ssl_callback_cache_hits 0
Ssl_cipher DHE-RSA-AES256-SHA
Ssl_cipher_list DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:AES256-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:AES128-SHA:AES256-RMD
Ssl_client_connects 0
Ssl_connect_renegotiates 0
Ssl_ctx_verify_depth 0
Ssl_ctx_verify_mode 0
Ssl_default_timeout 500
Ssl_finished_accepts 0
Ssl_finished_connects 0
Ssl_server_not_after Jan 21 19:40:39 2030 GMT
Ssl_server_not_before Mar 14 19:40:39 2020 GMT
Ssl_session_cache_hits 0
Ssl_session_cache_misses 0
Ssl_session_cache_mode Unknown
Ssl_session_cache_overflows 0
Ssl_session_cache_size 0
Ssl_session_cache_timeouts 0
Ssl_sessions_reused 0
Ssl_used_session_cache_entries 0
Ssl_verify_depth 0
Ssl_verify_mode 0
Ssl_version TLSv1.1
when run with TLSv1.1 as the enabledSslProtocolSuites argument,
and
Exception in thread "main" java.sql.SQLNonTransientConnectionException: Could not connect to mysql:3306 : Unsupported record version Unknown-0.0
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.get(ExceptionMapper.java:234)
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.getException(ExceptionMapper.java:165)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1199)
at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:560)
at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:174)
at org.mariadb.jdbc.Driver.connect(Driver.java:92)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at TestTLS.main(TestTLS.java:10)
when run with TLSv1.2 as the enabledSslProtocolSuites argument.
|