OpenJDK 11在JDBC连接字符串中使用TLS 1.2

huangapple
go评论120阅读模式
英文:

OpenJDK 11 use TLS 1.2 in JDBC connection string

问题

远程MySQL服务器仅接受通过TLS 1.2的连接。如何在JDBC(OpenJDK 11)中选择协议版本?

  1. SQL状态:28000
  2. java.sql.SQLException:使用的TLS版本不满足此服务器的最低要求。请使用更高的TLS版本重试。
  1. <dependency>
  2.   <groupId>mysql</groupId>
  3.   <artifactId>mysql-connector-java</artifactId>
  4.   <version>8.0.21</version>
  5. </dependency>

我尝试将 enabledSslProtocolSuites 添加到我的连接字符串中,但无济于事。

  1. jdbc:mysql://{server}.mysql.database.azure.com:3306/{database_name}?
  2.   serverTimezone=Australia/Melbourne&useSSL=true&requireSSL=true&enabledSslProtocolSuites=TLSv1.2

在启动 mvn exec:java 时添加 -Djdk.tls.client.protocols="TLSv1.2" -Djavax.net.debug=all,显示尝试使用TLS 1.1 进行Client Hello。

  1. javax.net.ssl|DEBUG|0C|azuremysqltest.App.main()|
  2. 2020-08-31 09:16:34.400 UTC|ClientHello.java:653|
  3. 生成的ClientHello握手消息 (
  4. "ClientHello": {
  5.   "client version"      : "TLSv1.1",
  6.   "random"              : "0D 94 D2 90 A7 C0 ...",
  7.   "session id"          : "",
  8.   "cipher suites"       : ...
英文:

My remote MySQL server only accepts connections over TLS 1.2. How do i select protocol version in JDBC (OpenJDK 11)?

  1. SQL State: 28000
  2. java.sql.SQLException: TLS version used does not meet minimal requirements
  3. for this server. Please use a higher TLS version and retry.
  1. <dependency>
  2.   <groupId>mysql</groupId>
  3.   <artifactId>mysql-connector-java</artifactId>
  4.   <version>8.0.21</version>
  5. </dependency>

I've tried adding enabledSslProtocolSuites to my connection string but to no avail.

  1. jdbc:mysql://{server}.mysql.database.azure.com:3306/{database_name}?
  2.   serverTimezone=Australia/Melbourne&useSSL=true&requireSSL=true&enabledSslProtocolSuites=TLSv1.2

Adding -Djdk.tls.client.protocols="TLSv1.2" -Djavax.net.debug=all when launching mvn exec:java reveals attempts to Client Hello with TLS 1.1.

  1. javax.net.ssl|DEBUG|0C|azuremysqltest.App.main()|
  2. 2020-08-31 09:16:34.400 UTC|ClientHello.java:653|
  3. Produced ClientHello handshake message (
  4. "ClientHello": {
  5.   "client version"      : "TLSv1.1",
  6.   "random"              : "0D 94 D2 90 A7 C0 ...",
  7.   "session id"          : "",
  8.   "cipher suites"       : ...

答案1

得分: 8

你可以(显然地)通过enabledTLSProtocols属性(8.0参考文档)为mysql驱动程序(与Java供应商无关)选择TLS版本:

> - enabledTLSProtocols
> ---
> 如果 "useSSL" 设置为 "true",将覆盖在底层SSL套接字上启用的TLS协议。这可用于限制连接到特定的TLS版本。 |自版本|8.0.8|

在你的情况下,值=TLSv1.2是经过批准的有效值。抱歉,我找不到关于此属性的(确切)值的参考,但我们可以进一步调查/获取支持的SSL协议版本像这里

英文:

You can (obviously) select the TLS version for the mysql driver (java vendor independently) via the enabledTLSProtocols property (8.0 reference):

> - enabledTLSProtocols
> ---
>If "useSSL" is set to "true", overrides the TLS protocols enabled for use on the underlying SSL sockets. This may be used to restrict connections to specific TLS versions. |Since|Version 8.0.8|

In your case the value =TLSv1.2 approved working. Sorry I can't find the reference on the (exact) value(s) of this property, but we can further investigate/get supported ssl protocol versions like here.

huangapple
  • 本文由 发表于 2020年8月31日 17:00:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/63667790.html
  • java
  • jdbc
  • mysql
  • ssl
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定