JDBC TLS MariaDB/MySQL Connection Issues

I have been fighting this for hours. I’m trying to get Lucee to connect to a MariaDB database that has TLS enabled. This is the JDBC string I’m using:

useUnicode=true&characterEncoding=UTF-8&useLegacyDatetimeCode=true&autoReconnect=true&useSSL=true&verifyServerCertificate=false&serverTimezone=America/New_York&enabledTLSProtocols=TLSv1.2&requireSSL=true

I get the following error:

Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 2 milliseconds ago. The last packet sent successfully to the server was 2 milliseconds ago.

 ... 88 more

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version

at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]

at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]

at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]

at sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source) ~[?:?]

at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?]

at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?]

at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) ~[?:?]

at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) ~[?:?]

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]

So it looks like it’s not negotiating the correct SSL protocol with the server. Hopefully someone can shed some light on this.

Don’t forget to tell us about your stack!

OS: Ubuntu 22.04/Docker
Java Version: 11.0.15
Tomcat Version:
Lucee Version: 5.3.9.141

Not sure if it’s related but our MSSQL connections are all failing as of today as well. Nothing on our end has changed in the last week. No updates, no server changes, no code changes.

“ERROR”,“ajp-nio-127.0.0.1-8009-exec-3”,“07/07/2023”,“08:09:27”,“AllFriends”,"Event Name: "
“ERROR”,“ajp-nio-127.0.0.1-8009-exec-3”,“07/07/2023”,“08:09:27”,“AllFriends”,“Message: Unable to resolve org.lucee.mssql [82](R 82.0): missing requirement [org.lucee.mssql [82](R 82.0)] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.jce.provider) Unresolved requirements: [[org.lucee.mssql [82](R 82.0)] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.jce.provider)]”

This is very strange. All is working now, but I noticed after a Lucee restart that the Microsoft SQL Server App was no longer installed, as if it self-uninstalled. After re-installing the database connections worked perfectly.

Lucee 5.4.0.80

My problem is still there. I have restarted Lucee at least a dozen times trying different settings but no joy. Any other suggestions? It shouldn’t make a difference but I’m using Commandbox.

Unfortunately I have no further information to share. Maybe Commandbox is part of the issue? Have you tried uninstalling then reinstalling the MariaDB extension (if applicable)?

You’re not alone, I had the same issue. But I think I now know why it happens.
I just made an OVF copy (clone) of a fully working virtual machine with Lucee 5.4.3.0 on it together with MySQL 8.0.33-0 (InnoDB) running on an Ubuntu 20.04 (Linux 5.4.0-155-generic). Everything worked fine until I copied it and powered it up, then nothing (MySQL-related) works anymore.
I log on to the VM and type mysql in the terminal and get:
ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)

Then (after reading this forum post) I checked if the /etc/mysql/ still was present, and it is.
I tried to force a stop/start with:

service mysql stop
service mysql start

I got the error: systemd[1]: mysql.service Failed with result ‘exit-code’.
I checked with systemctl status mysql.service and got:
Status: “Server startup in progress”
Error: 99 (Cannot assign requested address)

This gave me a hint that it’s IP address related.

I looked up what IP I have now with:
ip a

I noted the new address (given via DHCP - That’s why this happens)

I edited the configuration file of MySQL:
nano /etc/mysql/mysql.conf.d/mysqld.cnf

And I found that I had two fixed IP addresses in that config:

bind-address = <an old fixed IP> (Replace this with the new noted above)
mysqlx-bind-address = <an old fixed IP> (Replace this with the new noted above)

Then I saved the configuration file and started the MySQL service:

service mysql start

Now there were no error messages!

Next thing was to log in to the local /lucee/admin/ server and change to the correct IP in the “Services”/“Datasource” menu. After I edited the datasource I noticed a green “OK” in the check column of the GUI, so it looked promising.

You have to restart Lucee after this:

service lucee_ctl restart

or

service lucee_ctl stop
service lucee_ctl start

After this my application works fine again!

Thanks, but I don’t think that’s my problem. I should have mentioned that the JDBC works fine without TLS, but as soon as I enable TLS I get the error above.

You have to import the SSL keys

There are many tutorials on how to import an SSL key to a Java instance, but the basics are: download the SSL cert and import it, depending on your OS and Java version.

Already imported the SSL key.

Are you running the same TLS version on both servers?
(The issue you’re experiencing looks like a handshake failure due to a mismatch in the TLS protocol version between your Lucee (running MariaDB JDBC driver) and the MariaDB server.)

Looking at your JDBC connection string, you’ve specified

enabledTLSProtocols=TLSv1.2

However, MariaDB might be expecting a different version of TLS. It might be expecting TLSv1.3 or a different version depending upon its configuration?
(Maybe also update JDBC driver and Java version)
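
An added example, not code from any poster, from Lucee or from the JDBC driver: a small diagnostic that reads `enabledTLSProtocols` from the parameter string posted at the top of the thread and compares it with the TLS versions the local JVM supports and enables. The class name `JdbcTlsCheck` and the helper `requestedProtocols` are hypothetical names chosen for this illustration.

```java
import java.security.Security;
import java.util.*;
import javax.net.ssl.SSLContext;

// Added example: compares the TLS versions requested in a JDBC parameter
// string with the versions this JVM supports and enables by default.
public class JdbcTlsCheck {
    // Parameter string as posted in the thread; pass your own as the first argument.
    static final String POSTED = "useUnicode=true&characterEncoding=UTF-8"
        + "&useLegacyDatetimeCode=true&autoReconnect=true&useSSL=true"
        + "&verifyServerCertificate=false&serverTimezone=America/New_York"
        + "&enabledTLSProtocols=TLSv1.2&requireSSL=true";

    // Extract the comma-separated enabledTLSProtocols value from "k=v&k=v" parameters.
    static List<String> requestedProtocols(String params) {
        for (String pair : params.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].equals("enabledTLSProtocols")) {
                return Arrays.asList(kv[1].split(","));
            }
        }
        return Collections.emptyList(); // not set: the driver's own default applies
    }

    public static void main(String[] args) throws Exception {
        String params = args.length > 0 ? args[0] : POSTED;
        SSLContext ctx = SSLContext.getDefault();
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());

        System.out.println("JVM: " + System.getProperty("java.version"));
        System.out.println("Supported by JSSE:  " + supported);
        System.out.println("Enabled by default: " + enabled);
        // Protocol versions named in this property cannot be negotiated at all.
        System.out.println("jdk.tls.disabledAlgorithms: "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        List<String> requested = requestedProtocols(params);
        if (requested.isEmpty()) System.out.println("enabledTLSProtocols is not set");
        for (String p : requested) {
            String verdict = enabled.contains(p) ? "enabled in this JVM"
                : supported.contains(p) ? "supported but disabled by JVM policy"
                : "not supported by this JVM";
            System.out.println(p + ": " + verdict);
        }
        if (params.contains("verifyServerCertificate=false")) {
            System.out.println("Note: verifyServerCertificate=false skips server certificate validation");
        }
    }
}
```

Run it with the same Java installation that Lucee uses (`java JdbcTlsCheck.java` works on Java 11 and later), since the enabled list depends on that installation's `java.security` file. For the other half of the comparison, `SHOW GLOBAL VARIABLES LIKE 'tls_version';` on the database server lists the versions it accepts, where that variable exists.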