Unable to connect using SSL (CA file) with MySQL Connector/J ver. 5.1.44

Completed

Workaround:

https://youtrack.jetbrains.com/issue/DBE-2273#focus=streamItem-27-3540670.0-0

Workaround1:

See https://youtrack.jetbrains.com/issue/DBE-5439#focus=streamItem-27-3352630.0-0

Workaround2:
See https://youtrack.jetbrains.com/issue/DBE-5439 for a workaround. In general, one needs to rollback to 5.1.40 driver.

I connect to an Amazon Web Services MySQL RDS instance using SSL with the CA file provided at http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html (rds-downloads/rds-combined-ca-bundle.pem)

The other day I saw in my connection the option to update the MySQL driver, and since doing so I have been unable to connect using the SSL option. However, I can connect when not using SSL.

I have managed to get SSL to work again by switching from "MySQL Connector/J ver. 5.1.44" to "MySQL Connector/J ver. 5.1.40" found under Data Sources and Drivers > Drivers > MySQL > Driver Files.

So it seems there may be a problem with the MySQL Connector/J ver. 5.1.44 driver.

8 comments
Comment actions Permalink

I was running into this same problem! It was driving me insane. Thanks so much for the help!!!

0
Comment actions Permalink

We've found the same to be true for 5.1.45 driver. Hope they get this resolved moving forward!

0
Comment actions Permalink

Thank you! Yes we had the same problem. Reverting to 5.1.40 resolved it for now.

1
Comment actions Permalink

Same issue, suddenly couldn't connect anymore with DataGrip to my RDS server. Fixed by switching to 5.1.40 by clicking on the driver and selecting another version

 

1
Comment actions Permalink

Had the same issue in PyCharm, reverting back to MySQL Connector/J ver. 5.1.40 does help - not sure why that happens. 

0
Comment actions Permalink

Yup. Rolling back to 5.1.40 was the key. I was starting to question my abilities....

1
Comment actions Permalink

Connector/J can encrypt all data communicated between the JDBC driver and the server (except for the initial handshake) using SSL. There is a performance penalty for enabling connection encryption, the severity of which depends on multiple factors including (but not limited to) the size of the query, the amount of data returned, the server hardware, the SSL library used, the network bandwidth, and so on.

The system works through two Java keystore files: one file contains the certificate information for the server (truststorein the examples below), and another contains the keys and certificate for the client (keystore in the examples below). All Java keystore files are protected by the password supplied to the keytool when you created the files. You need the file names and the associated passwords to create an SSL connection For more information visit: https://bit.ly/2OUHlbu

0
Comment actions Permalink

The underlying issue is fixed in DataGrip 2019.3 EAP. Feel free to use the latest JDBC driver and set up proper SSL settings

0

Please sign in to leave a comment.