search

osheroff / mysql-binlog-connector-java

MySQL Binary Log connector
680 stars 167 forks source link

Java 11: SSLMode.VERIFY_CA: `javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version` #152

Closed leiless closed 2 months ago

leiless commented 2 months ago 
20:44:00.887 [CDC-Client] ERROR infra.binlog.CdcClient - Cannot do work
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
    at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
    at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:347) ~[?:?]
    at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[?:?]
    at sun.security.ssl.TransportContext.dispatch(TransportContext.java:186) ~[?:?]
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427) ~[?:?]
    at com.github.shyiko.mysql.binlog.network.protocol.PacketChannel.upgradeToSSL(PacketChannel.java:98) ~[mysql-binlog-connector-java-0.31.0.jar:0.31.0]
    at com.github.shyiko.mysql.binlog.BinaryLogClient.tryUpgradeToSSL(BinaryLogClient.java:765) ~[mysql-binlog-connector-java-0.31.0.jar:0.31.0]
    at com.github.shyiko.mysql.binlog.BinaryLogClient.connect(BinaryLogClient.java:596) ~[mysql-binlog-connector-java-0.31.0.jar:0.31.0]
    at com.github.shyiko.mysql.binlog.BinaryLogClient$7.run(BinaryLogClient.java:954) ~[mysql-binlog-connector-java-0.31.0.jar:0.31.0]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]

mysql> \s
--------------
mysql  Ver 8.0.39-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))

Connection id:      122
Current database:   
Current user:       alice@mysql-13306
SSL:            Cipher in use is TLS_AES_128_GCM_SHA256
Current pager:      less
Using outfile:      ''
Using delimiter:    ;
Server version:     8.0.36 Source distribution
Protocol version:   10
Connection:     127.0.0.1 via TCP/IP
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
TCP port:       13306
Binary data as:     Hexadecimal
Uptime:         10 min 3 sec

Threads: 2  Questions: 49  Slow queries: 0  Opens: 187  Flush tables: 3  Open tables: 102  Queries per second avg: 0.081
--------------

mysql> SHOW STATUS LIKE '%ssl%';
+-----------------------------------------------+------------------------------------------------------+
| Variable_name                                 | Value                                                |
+-----------------------------------------------+------------------------------------------------------+
| Com_show_processlist                          | 0                                                    |
| Deprecated_use_i_s_processlist_count          | 0                                                    |
| Deprecated_use_i_s_processlist_last_timestamp | 0                                                    |
| Mysqlx_ssl_accepts                            | 0                                                    |
| Mysqlx_ssl_active                             |                                                      |
| Mysqlx_ssl_cipher                             |                                                      |
| Mysqlx_ssl_cipher_list                        |                                                      |
| Mysqlx_ssl_ctx_verify_depth                   | 18446744073709551615                                 |
| Mysqlx_ssl_ctx_verify_mode                    | 5                                                    |
| Mysqlx_ssl_finished_accepts                   | 0                                                    |
| Mysqlx_ssl_server_not_after                   | Dec 31 06:26:06 2099 GMT                             |
| Mysqlx_ssl_server_not_before                  | Sep  2 06:26:06 2024 GMT                             |
| Mysqlx_ssl_verify_depth                       |                                                      |
| Mysqlx_ssl_verify_mode                        |                                                      |
| Mysqlx_ssl_version                            |                                                      |
| Ssl_accept_renegotiates                       | 0                                                    |
| Ssl_accepts                                   | 113                                                  |
| Ssl_callback_cache_hits                       | 0                                                    |
| Ssl_cipher                                    | TLS_AES_128_GCM_SHA256                               |
| Ssl_cipher_list                               | TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256 |
| Ssl_client_connects                           | 0                                                    |
| Ssl_connect_renegotiates                      | 0                                                    |
| Ssl_ctx_verify_depth                          | 18446744073709551615                                 |
| Ssl_ctx_verify_mode                           | 5                                                    |
| Ssl_default_timeout                           | 7200                                                 |
| Ssl_finished_accepts                          | 75                                                   |
| Ssl_finished_connects                         | 0                                                    |
| Ssl_server_not_after                          | Dec 31 06:26:06 2099 GMT                             |
| Ssl_server_not_before                         | Sep  2 06:26:06 2024 GMT                             |
| Ssl_session_cache_hits                        | 0                                                    |
| Ssl_session_cache_misses                      | 0                                                    |
| Ssl_session_cache_mode                        | SERVER                                               |
| Ssl_session_cache_overflows                   | 0                                                    |
| Ssl_session_cache_size                        | 128                                                  |
| Ssl_session_cache_timeout                     | 300                                                  |
| Ssl_session_cache_timeouts                    | 0                                                    |
| Ssl_sessions_reused                           | 0                                                    |
| Ssl_used_session_cache_entries                | 0                                                    |
| Ssl_verify_depth                              | 18446744073709551615                                 |
| Ssl_verify_mode                               | 5                                                    |
| Ssl_version                                   | TLSv1.3                                              |
+-----------------------------------------------+------------------------------------------------------+
41 rows in set (0.00 sec)

mysql> SHOW STATUS LIKE '%tls%';
+--------------------------+----------------------------------+
| Variable_name            | Value                            |
+--------------------------+----------------------------------+
| Current_tls_ca           | /etc/mysql/ssl/ca-cert.pem       |
| Current_tls_capath       |                                  |
| Current_tls_cert         | /etc/mysql/ssl/server-cert.pem   |
| Current_tls_cipher       | ECDHE-ECDSA-AES128-GCM-SHA256    |
| Current_tls_ciphersuites | TLS_AES_128_GCM_SHA256           |
| Current_tls_crl          |                                  |
| Current_tls_crlpath      |                                  |
| Current_tls_key          | /etc/mysql/ssl/server-key.pem    |
| Current_tls_version      | TLSv1.3                          |
| Tls_library_version      | OpenSSL 1.1.1k  FIPS 25 Mar 2021 |
+--------------------------+----------------------------------+
10 rows in set (0.00 sec)
leiless commented 2 months ago 
+import com.github.shyiko.mysql.binlog.network.DefaultSSLSocketFactory;
+client.setSslSocketFactory(new DefaultSSLSocketFactory("TLSv1.3"));

Solved my problem