1
Help us understand the problem. What are the problem?

posted at

JDBC経由でMySQLに突然接続できなくなった

事象

アプリケーション起動後、DB接続するとcom.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure 発生。

  • InteliJのバージョンを上げた後、JDBC経由でMySQLに接続できなくなった。その前までは接続できていた。
  • MySQLには、terminalからクライアントから接続できることは確認できている。

環境

  • MySQL 5.7
  • MySQL Connector 8.0.18
  • IntelliJのRuntime JDK11

ログ

com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
    at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174) ~[mysql-connector-java-8.0.18.jar:8.0.18]
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:64) ~[mysql-connector-java-8.0.18.jar:8.0.18]
~
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
~
    ... 75 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:172) ~[na:na]
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:103) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:434) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412) ~[na:na]
    at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:316) ~[mysql-connector-java-8.0.18.jar:8.0.18]
    at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188) ~[mysql-connector-java-8.0.18.jar:8.0.18]
    at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:99) ~[mysql-connector-java-8.0.18.jar:8.0.18]
    at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:329) ~[mysql-connector-java-8.0.18.jar:8.0.18]

原因

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

つまり

  • JDBCでTLS1.3で接続しようとしたが、MySQLのConnectorでTLS1.3はデフォルトで利用できないため、エラーになった。
  • 以下の通り、今回の組み合わせ(connctor8.0.18/MySQL5.7)では、TLSv1.2を指定可能とあるので1.2を指定すれば良い。
For Connector/J 8.0.18 and earlier when connecting to MySQL Community Server 5.6 and 5.7 using the JDBC API:
Due to compatibility issues with MySQL Server compiled with yaSSL, Connector/J does not enable connections with TLSv1.2 and higher by default.
When connecting to servers that restrict connections to use those higher TLS versions, enable them explicitly by setting the Connector/J connection property enabledTLSProtocols (e.g., set enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2).

関連
https://stackoverflow.com/questions/67332909/why-can-java-not-connect-to-mysql-5-7-after-the-latest-jdk-update-and-how-should

対応

jdbc接続している箇所に以下のように ?enabledTLSProtocols=TLSv1.2 をつけて明示的にTLSの利用バージョンを指定すればOK

jdbc:mysql://localhost:3306/testdb?enabledTLSProtocols=TLSv1.2
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Sign upLogin
1
Help us understand the problem. What are the problem?