SSLException on connection close #1268
Comments
|
What about the situations where SSL disabling is not an option and you have to verify server certificate? Is there any sort of workaround? |
|
I also tried disabling TLS v1.3 according to JSSE documentation with providing the following JAVA_OPTION: |
|
I use SSL in the link between the client's browser and Tomcat-based application. That is unrelated, so I haven't tried altering the SSL settings in Java. The question here pertains to the Connector/J links between the application and the database, which are controlled by the HikariCP connection pool. Those connectors in mySQL 8.0.13 are subject to a new parameter, "sslMode". Without SSL along the link between application and database results in: sslMode = PREFERRED -> errors thrown each time a connector is disconnected by HikariCP I haven't tested using SSL as my database and application are in the same machine. |
|
This looks like a bug in the driver, not HikariCP. HikariCP is simply calling |
|
It looks like this is known to Oracle, I'm also having this issue and came here from this stack overflow: https://bugs.mysql.com/bug.php?id=93590 |
|
just add this to your database url. I did it when I was connection to mysql database and it solved the issue |
|
@phyntom that's all very well ( e.g. assume a user called |
|
Did this actually get fixed, or did the issue just get closed? I would love to get rid of these from our error logs. |
|
yes buy using the is |
|
@phyntom does this mean that SSL will be completely disabled for communication with MySQL? If so - I think it's very dangerous 'solution'. |
|
That is why I suggested you to find another driver and test it.I have remove also useSSL=false after the upgrade and all errors disappeared. So try another version |
|
For reference: https://bugs.mysql.com/bug.php?id=93590 & https://bugs.openjdk.java.net/browse/JDK-8215102 There is an interesting answer here: https://bugs.openjdk.java.net/browse/JDK-8215102?focusedCommentId=14240050&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14240050 With a JDK code test here: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8215102-jtreg-test/01/webrev/openjdk-head-2.patch that can reproduce it regardless of the JDBC connector in the JDK11. |
|
Netty has a commit to "swallow"/suppress this Java11 exception/bug, is it worth adding to HikariCP? https://github.com/netty/netty/blob/41b02368153af86b1ddb19020ebf5e4f7c69aecd/handler/src/main/java/io/netty/handler/ssl/SslHandler.java#L1779 |
|
Never mind, it looks like Hikari already attempts to track the exception, it's getting logged lower down in the dependencies |
|
I added: mysql/mysql-connector-j#32 |
An exception is thrown when a connector is closed every time a max lifetime expires. The issue is new with OpenJDK 11.0.1 (vs Oracle Java 10) and is easily solved if not using SSL.
With these connector properties defined (new with mySQL 8.0.13):
hikariDataSource.addDataSourceProperty("sslMode", "PREFERRED");
hikariDataSource.addDataSourceProperty("allowPublicKeyRetrieval", "true");
a lifetime expiry results in:
From the Connector/J documentation: "PREFERRED" - (default) Establish encrypted connections if the server enabled them, otherwise fall back to unencrypted connections;
It is an easy fix:
hikariDataSource.addDataSourceProperty("sslMode", "DISABLED");
hikariDataSource.addDataSourceProperty("allowPublicKeyRetrieval", "false");
Possibly related discussion on StackOverflow pointing to an OpenJDK problem: https://stackoverflow.com/questions/52016415/jdk-11-ssl-error-on-valid-certificate-working-in-previous-versions
FYI, in case the connection close mechanism needs tweaking.
Environment
The text was updated successfully, but these errors were encountered: