I am new to spring-boot and JPA.
I have successfully connected my spring application to MySQL database using JPA.
However, I see the following warning being printed:
WARN: This connection is using TLSv1.1 which is now deprecated and will be removed in a future release of Connector/J.
How can I upgrade the TLS connection to use either TLS 1.2 or 1.3?
I found a fix for the problem. I added enabledTLSProtocols=TLSv1.2 to the connection URL.
For example:
spring.datasource.url=jdbc:mysql://localhost:3306/mydb?enabledTLSProtocols=TLSv1.2
Related
Does anyone experience any IBM MQ JAR version 9.2.1 (or above) connection issue from Spring Boot 2.3.5?
We encounter this message: MQRC_SSL_INITIALIZATION_ERROR. We do not have this issue when connecting from POJO.
Is there any property in Spring Boot that could be used for setting allowed version of TLS for Redis?
I have found properties for host and password spring.redis.host=${HOST} spring.redis.password=${PASSWORD} and I'd like a way to set minimum allowed version of TLS to 1.2.
I don't think there is such configuration property in Spring, but there is one in Java itself. You can use
-Djdk.tls.client.protocols=TLSv1.2
The value of the property should be a comma-delimited list of allowed protocols. All other protocols are disabled.
I created a very simple project for you to demonstrate.
Here is the traffic with the server without any configuration:
Here is the traffic when running with only the TLSv1.2 enabled:
Beware! Java versions from 12 to 14 do not respect this property!
There are more options how to configure this behavior.
I am migrating a old application with plain Spring to Spring boot. After migrating the application I see this error:
2020-08-06 20:02:03.933 WARN 9986 --- [onnection adder] c.m.s.jdbc.internals.TDS.Channel : TLSv1 was negotiated. Please update server and client to use TLSv1.2 at minimum.
What is this and why I get this? Its first time I see this kind of message. I would be greatful if someone could explain me what this is and how I can fix this problem? Anything i can put to my application.properties? If yes, why? I want to understand :)
Thank you for help :)
TLS is transport layer security (HTTPS & SSL). TLSv1 and TLSv1.1 are considered vulnerable. TLSv1.2 is the minimum you should run. Since that's coming from jdbc, that's one of your database connections. Whatever database that is, you need to configure the TLS to be v1.2 at a minimum. You shouldn't need to change anything on your app.
I have HSQL server 2.3.4 and I am trying to use hsql jdbc connectivity jar 2.2.9 to aceess the HSQL database but I am getting End of file exception.
The Servr is working pretty fine when I am using hsql jdbc connectivity jar 2.3.4 with hSQL Server 2.3.4.
Can somebody explain the reason for no backward compatibility
New features are introduced in each new version of the database engine. Sometimes the addition of new features requires changes to the network protocol used for exchanging data between the client and server. These changes break backward compatibility.
It is recommended to use jars of the same version on client and server.
We have an application using Mule standalone 3.5 (I know...) and need to force it to use TLS 1.1 or 1.2 for HTTPS.
We have upgraded to the latest Java 8 (8u112).
We have modified the mule's tls-default.conf to include the following:
enabledProtocols=SSLv2Hello,
TLSv1.1
TLSv1.2
Our HTTPS GET request results in the exception:
No appropriate protocol (protocol is disabled or cipher suites are
inappropriate) (javax.net.ssl.SSLHandshakeException)
Is there anyway to get Mule 3.5's https connector to use TLS 1.1 or 1.2 for HTTPS?
Our application also uses a Salesforce connector <sfdc:...> which works correctly using TLS 1.2 after our Java upgrade and configuration changes.
Note that Mule 3.5 still has a separate connector for HTTPS (not the combined connector for HTTP/HTTPS that was introduced in 3.6).
We are looking to avoid upgrading to a newer version of Mule since we intended to replace our use of Mule in the near future anyway, and our investigations into upgrading do not indicate that it will be easy.
UPDATE:
In addition to using the fix in Ryan Carter's answer, I also had to fix the mistake in the tls-default.conf by escaping the newlines:
enabledProtocols=SSLv2Hello, \
TLSv1.1 \
TLSv1.2
Yes the Salesforce connector automatically uses JDK's default TLS version.
But for the https connector you need to add a property to your https connector:
<https:connector name="https">
<spring:property name="sslType" value="TLSv1.2"/>
</https:connector>