Warning about SSL connection when connecting to MySQL database

Question

With the two classes below  I ve tried connect to a MySQL database  However  I always get this error    Wed Dec 09 22 46 52 CET 2015 WARN  Establishing SSL connection without server s identity verification is not recommended  According to MySQL 5 5 45   5 6 26  and 5 7 6  requirements SSL connection must be established by default if explicit option isn t set  For compliance with existing applications not using SSL the verifyServerCertificate property is set to  false   You need either to explicitly disable SSL by setting useSSL false  or set useSSL true and provide truststore for server certificate verification    This is the test class with the main method   public class TestDatabase        public static void main String   args            Database db   new Database            try               db connect              catch  Exception e                e printStackTrace                      db close              This is the Database class   import java sql Connection  import java sql DriverManager  import java sql SQLException   public class Database        private Connection con       public void connect   throws Exception           if con    null  return           try               Class forName  com mysql jdbc Driver              catch  ClassNotFoundException e                throw new Exception  No database                       String connectionURL    jdbc mysql   localhost 3306 Peoples            con   DriverManager getConnection connectionURL   root    milos23                       public void close            if con    null               try                   con close                  catch  SQLException e                    e printStackTrace

User · Answer

The defaults for initiating a connection to a MySQL server were changed in the recent past, and (from a quick look through the most popular questions and answers on stack overflow) the new values are causing a lot of confusion. What is worse is that the standard advice seems to be to disable SSL altogether, which is a bit of a disaster in the making.

Now, if your connection is genuinely not exposed to the network (localhost only) or you are working in a non-production environment with no real data, then sure: there's no harm in disabling SSL by including the option useSSL=false.

For everyone else, the following set of options are required to get SSL working with certificate and host verification:

useSSL=true
sslMode=VERIFY_IDENTITY
trustCertificateKeyStoreUrl=file:path_to_keystore
trustCertificateKeyStorePassword=password

As an added bonus, seeing as you're already playing with the options, it is simple to disable the weak SSL protocols too:

enabledTLSProtocols=TLSv1.2

Example

So as a working example you'll need to follow the following broad steps:

First, make sure you have a valid certificate generated for the MySQL server host, and that the CA certificate is installed onto the client host (if you are using self-signed, then you'll likely need to do this manually, but for the popular public CAs it'll already be there).

Next, make sure that the java keystore contains all the CA certificates. On Debian/Ubuntu this is achieved by running:

update-ca-certificates -f
chmod 644 /etc/ssl/certs/java/cacerts

Then finally, update the connection string to include all the required options, which on Debian/Ubuntu would be something a bit like (adapt as required):

jdbc:mysql://{mysql_server}/confluence?useSSL=true&sslMode=VERIFY_IDENTITY&trustCertificateKeyStoreUrl=file%3A%2Fetc%2Fssl%2Fcerts%2Fjava%2Fcacerts&trustCertificateKeyStorePassword=changeit&enabledTLSProtocols=TLSv1.2&useUnicode=true&characterEncoding=utf8

Reference: https://beansandanicechianti.blogspot.com/2019/11/mysql-ssl-configuration.html

User · Answer

Solution To fix it  append a useSSL false at the end of the MySQL connection string   ex  application properties mysql datasource spring datasource url jdbc mysql   localhost dbname useSSL false spring datasource username root spring datasource password password spring datasource driver-class-name com mysql jdbc Driver

User · Answer

I found this warning too then I fixed it by using SSL false suffix to the connection string like this example code   Example   connectionString    jdbc mysql    server-name  3306  s useUnicode yes amp characterEncoding UTF-8 amp useSSL false

User · Answer

you need to user your mysql path like this     lt property name  url  value  jdbc mysql   localhost 3306 world useSSL true   gt

User · Answer

Use this to solve the problem in hive while making connection with MySQL   lt property gt      lt name gt javax jdo option ConnectionURL lt  name gt      lt value gt jdbc mysql   localhost metastore createDatabaseIfNotExist true amp amp autoReconnect true amp amp useSSL false lt  value gt      lt description gt metadata is stored in a MySQL server lt  description gt   lt  property gt

User · Answer

the new versions of mysql-connector establish SSL connection by default    to solve it   Download the older version of mysql-connector such as mysql-connector-java-5 0 8 zip       or     Download OpenSSL for Windows and follow the instructions how to set it

User · Answer

Your connection URL should look like the below   jdbc mysql   localhost 3306 Peoples autoReconnect true amp useSSL false   This will disable SSL and also suppress the SSL errors

User · Answer

Since I am currently in development mode I set useSSL to No not in tomcat but in mysql server configurations  Went to Manage Access Settings Manage Server Connections from workbench -  Selected my connection  Inside connection tab went to SSL tab and disabled the settings  Worked for me

User · Answer

Mention the url like   jdbc mysql   hostname 3306 hibernatedb autoReconnect true amp useSSL false   But in xml configuration when you mention  amp  sign  the IDE shows below error      The reference to entity  useSSL  must end with the     delimiter    And then you have to explicitly use the  amp amp  instead of  amp  to be determined as  amp  by xml thereafter in xml you have to give the url in xml configuration like this    lt property name  connection url  gt jdbc mysql   hostname 3306 hibernatedb autoReconnect true amp amp useSSL false lt  property gt

User · Answer

An alternative method would be   Properties properties   new Properties    properties setProperty  user    root    properties setProperty  password    milos23   properties setProperty  useSSL    false     try  Connection conn   DriverManager getConnection connectionUrl  properties           catch  SQLException e

User · Answer

To disable the warning while connecting to a database in Java  use the below concept - autoReconnect true amp useSSL false  Just need to change connectionURL like   String connectionURL   jdbc mysql   localhost 3306 Peoples autoReconnect true amp useSSL false  This will disable SSL and also suppress the SSL errors

User · Answer

This was OK for me   this conn    Connection DriverManager      getConnection url   dbName     useSSL false   userName  password

User · Answer

How about using SSL but turning off server verification  such as when in development mode on your own computer    jdbc mysql   localhost 3306 Peoples verifyServerCertificate false amp useSSL true

User · Answer

I use this property for hibernate in config xml   lt property name  hibernate connection url  gt  jdbc mysql   localhost 3306 bookshop serverTimezone UTC amp amp useSSL false  lt  property gt    without - serverTimezone UTC  - it doesn t work

[java] Warning about SSL connection when connecting to MySQL database

Example

Examples related to java

Examples related to ssl

Examples related to database-connection

Examples related to mysql-error-1064