Why can Java not connect to MySQL 5.7 after the latest JDK update and how should it be fixed? (ssl.SSLHandshakeException: No appropriate protocol)

by

As @skelwa already commented you will need to add the enabledTLSProtocols=TLSv1.2 configuration property in the connection string to resolve your issue.

A complete connection string for Connector/J could look like this:

jdbc:mysql://<host>:<port>/<dbname>?enabledTLSProtocols=TLSv1.2

For r2dbc you will need to use tlsVersion=TLSv1.2 instead.

For Connector/J v8.0.28 enabledTLSProtocols was renamed to tlsVersions (see note). However, the original name remains as an alias.

The question that remains is:

Why don’t the JDK and MySQL just agree on using TLSv1.2?

Although both parties do actually support TLSv1.2, the problem you were experiencing is introduced by the default behavior of Connector/J. For compatibility reasons Connector/J does not enable TLSv1.2 and higher by default. Therefore, one has to enable it explicitly.

See the following note:

For Connector/J 8.0.18 and earlier when connecting to MySQL Community
Server 5.6 and 5.7 using the JDBC API: Due to compatibility issues
with MySQL Server compiled with yaSSL, Connector/J does not enable
connections with TLSv1.2 and higher by default. When connecting to
servers that restrict connections to use those higher TLS versions,
enable them explicitly by setting the Connector/J connection property
enabledTLSProtocols (e.g., set
enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2).

WARNING: please be aware that solutions suggesting editing jdk.tls.disabledAlgorithms inside of jre/lib/security pose a security risk to your application and changing anything there might have severe implications!
There are reasons why those protocols were disabled and one should not simply remove everything or even just parts from that list.

Note: if you want to get more low level insights from the JDK to debug your problem you can enable ssl debug logs by passing the following configuration to the java comand:

-Djavax.net.debug=ssl,handshake
or even
-Djavax.net.debug=all

In your case you will see something like:

...(HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
    ...

More Related Contents:

  1. mysql insert values not updating after some hours?
  2. com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
  3. Solving a “communications link failure” with JDBC and MySQL [duplicate]
  4. Using env variable in Spring Boot’s application.properties
  5. Cannot issue data manipulation statements with executeQuery()
  6. Handling MySQL datetimes and timestamps in Java
  7. How can I protect MySQL username and password from decompiling?
  8. Using Hibernate’s ScrollableResults to slowly read 90 million records
  9. Java JDBC Access denied for user [closed]
  10. No Dialect mapping for JDBC type: 1111
  11. preparedStatement syntax error
  12. Can Hibernate work with MySQL’s “ON DUPLICATE KEY UPDATE” syntax?
  13. Connection Java – MySQL : Public Key Retrieval is not allowed
  14. Spring, Hibernate, Blob lazy loading
  15. MySQL select coordinates within range
  16. runtime error: java.lang.ClassNotFoundException: com.mysql.jdbc.Driver
  17. JDBC returning MySQLSyntaxError Exception with correct statement
  18. Java + Mysql UTF8 Problem
  19. Problems reading/writing UTF-8 data in MySQL from Java using JDBC connector 5.1
  20. Hibernate Criteria Query to get specific columns
  21. com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed
  22. MySQL connector error “The server time zone value Central European Time” [duplicate]
  23. com.mysql.jdbc.PacketTooBigException
  24. Create MySQL database from Java
  25. com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server [duplicate]
  26. Hibernate: Create Mysql InnoDB tables instead of MyISAM
  27. Should a database connection stay open all the time or only be opened when needed?
  28. How to connect to a remote MySQL database with Java?
  29. Hibernate Criteria API: get n random rows
  30. Embedding mysql in java desktop application

Leave a Comment