Can JDBC based on openjdk connect to MySQL?

be familiar with ranger We should know ,ranger The server stores the policy information of service authentication in mysql in .

In the use of oracle jdk In the process of , There has been no problem ,ranger Can correctly from mysql Read and store data . However, when switching to openjdk after , There is ranger Startup cannot connect to mysql The phenomenon of , The following error messages can be seen from the log ：

SQLException: SQL state: 08S01 com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure

Through some source code analysis and online search of similar error information , The final positioning is ：openjdk 1.8.0_291 Start , It is disabled by default tls1.0 and 1.1 edition , Lead to jdbc And mysql The connection to could not be established correctly , To report a mistake ：

detailed release Poke it here ：https://www.java.com/en/download/helprelease_changes.html

contrast oracle jdk Version of ,jdbc Connecting There is no manual designation useSSL=false When , The connection is still established using tls The way , And by default 1.1 Version .

Use openjdk after , Because disabled tls1.1, Unable to send correctly client hello, Therefore, the connection cannot be established .

The solution is simple ：

One way is to jdbc Specifies not to use ssl, That is, add parameters useSSL=false, This is a common solution .

But one thing , Because the connection interaction process is not encrypted , Safety cannot be guaranteed （ Usually mysql All on the intranet , Interact with platform services , The network environment itself is relatively safe , Therefore, there is not much risk without encryption ）

Another way is to jdbc The use of tls1.2 Version establishes a connection with mysql Interact . That is, add parameters enabledTLSProtocols=TLSV1.2.

and mysql By default, it also supports tls1.0/1.1/1.2, So there will be no problem .

Appoint tls1.2 after , The packet capture for establishing connection interaction is shown in the following figure ：

To sum up , An error log for connection exceptions , Most of the solutions that can be found on the Internet are the first , In fact, manually specify the use of tls1.2 It's OK, too , The conclusion of this article is to check the leak and fill the vacancy .

Okay , That's all for this article , Originality is not easy. , give the thumbs-up , Looking at , Sharing is the best support , thank you ～

in addition , Two menus are arranged under the official account

One is the addition of classified historical articles , The current is hdfs、yarn、ranger、rabbitmq series , More articles will follow ; Another is the addition of personal wechat , There are some mistakes in the article , What is lacking , You can add me to wechat communication , Of course, it is not limited to the problem of the article , Other technical issues can also be exchanged .