DataGrip upgraded to 2021.1.2, error occurs when connecting to database (SSLHandshakeException)

Answered

error message is: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

Can anyone helps?

2
10 comments
Avatar
Yuriy Vinogradov
Official comment

This is known issue

We've updated java recently and we've moved to TLSv1 to the jdk.tls.disabledAlgorithms due to security reasons. So to get it back you need to do the following:

  1. Create a file custom.java.security with the following contents:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

I removed TLSv1 from the list.

  1. Go to you data source Advanced tab and add to VM Options: -Djava.security.properties=${PATH_TO_FILE?}/custom.java.security. Don't forget to replace ${PATH_TO_FILE?}.

  2. You can connect.

Or if you have MySQL server version >=5.7.28 then open up data source properties, go to Advanced tab and set

enabledTLSProtocols = TLSv1.2

Avatar
Yuriy Vinogradov

there are known issues in Mysql with TLSv1.2 implementation, so yes, if enabling TLS in driver does not work for you, you have to create custom security config. what is the problem here?

1

I have the same problem after update!

0

Guys, 

I'm having the same problem here and it's a mess.

 

I just can't connect to MYSQL connection.

 

I've tried the TLSv2.1 configuration and it just didn't work.

 

Is it really necessary to create a custom.java.security to make it work???

 

Anyone who can help, please reach me, I'm really in need.

 

I'm using DataGrip in MacOS

0

I was having a hard time to understand the path structure I should use from the MacOS.

 

I was not using the /Users/..... I was only using <username>/Desktop/custom.java.security

The correct way in MacOS is /Users/<username>Desktop/custom.java.security since the file is in my Desktop

0

Same issue here, after upgrading not able to connect (without ssl, also when specifying certificate, cannot connect). On an other machine where I have older version (2020.3.1), still able to connect, so can confirm that it works for older build without ssl. Why would updates in TLS affect connectivity when ssl is disabled?

0

Still seeing this error even after adding 

-Djdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, MD5withRSA

To the VM options.

0

Problem is Java update to new version not supported!
Remove it (new one) then check

0

I've tried everything I can think of, including the custom.java.security file (I deleted most ciphers from the list for testing), and I still get this error message when trying to connect to a 2008 Microsoft SQL Server!! How can I just connect to do my work?? I legitimately don't understand how there's not a simple way to allow an older connection type when every Microsoft product (SSMS, EF Core, etc) all support it. I understand Java wants to move past these old insecure ciphers, but I shouldn't have to migrate my client's entire server just to be able to use DataGrip...

I like JetBrains tools, but I might have to stick with SSMS for SQL.

0

Could you please report issue on YouTrack: https://youtrack.jetbrains.com/issues/DBE attaching log ("Help | Show log in...") after restarting IDE and reproducing the issue?

0

Please sign in to leave a comment.