DataGrip upgraded to 2021.1.2, error occurs when connecting to database (SSLHandshakeException)

Answered

error message is: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

Can anyone helps?

7 comments
Avatar
Yuriy Vinogradov
Comment actions Permalink
Official comment

This is known issue

We've updated java recently and we've moved to TLSv1 to the jdk.tls.disabledAlgorithms due to security reasons. So to get it back you need to do the following:

  1. Create a file custom.java.security with the following contents:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

I removed TLSv1 from the list.

  1. Go to you data source Advanced tab and add to VM Options: -Djava.security.properties=${PATH_TO_FILE?}/custom.java.security. Don't forget to replace ${PATH_TO_FILE?}.

  2. You can connect.

Or if you have MySQL server version >=5.7.28 then open up data source properties, go to Advanced tab and set

enabledTLSProtocols = TLSv1.2

Comment actions Permalink

I have the same problem after update!

0
Comment actions Permalink

Guys, 

I'm having the same problem here and it's a mess.

 

I just can't connect to MYSQL connection.

 

I've tried the TLSv2.1 configuration and it just didn't work.

 

Is it really necessary to create a custom.java.security to make it work???

 

Anyone who can help, please reach me, I'm really in need.

 

I'm using DataGrip in MacOS

0
Avatar
Yuriy Vinogradov
Comment actions Permalink

there are known issues in Mysql with TLSv1.2 implementation, so yes, if enabling TLS in driver does not work for you, you have to create custom security config. what is the problem here?

0
Comment actions Permalink

I was having a hard time to understand the path structure I should use from the MacOS.

 

I was not using the /Users/..... I was only using <username>/Desktop/custom.java.security

The correct way in MacOS is /Users/<username>Desktop/custom.java.security since the file is in my Desktop

0
Comment actions Permalink

Same issue here, after upgrading not able to connect (without ssl, also when specifying certificate, cannot connect). On an other machine where I have older version (2020.3.1), still able to connect, so can confirm that it works for older build without ssl. Why would updates in TLS affect connectivity when ssl is disabled?

0
Comment actions Permalink

Still seeing this error even after adding 

-Djdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, MD5withRSA

To the VM options.

0

Please sign in to leave a comment.