While SSL/TLS is most familiar to users through its use securing web traffic, it is used for much more. MySQL and MariaDB have supported SSL/TLS encrypted connections since version 5.5. You can checkout the 5.7 documentation for it at https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html
With Specify7, it is configured by simply adding DATABASE_OPTIONS = {'ssl': True} to local_specify_setting.py. All traffic between the application and database will then be encrypted.
After some additional investigation, according to the Connector/J documentation, it should be as simple as adding “useSSL=True&enabledTLSProtocols=TLSv1.2” to the connection setup strings for MySQL in c:\Program Files\Specify6.8.03\config\dbdrivers.xml.
However, we found that that did not work. Specify was unable to establish a database connection. After reviewing the version of the MySQLConnector/J that was included in Specify 6.8.03, we determined that we needed to upgrade the MySQL Connector/J from version 5.1.35(released 3-23-2015) to version 5.1.49, released 4/29/2020. Once we updated to that version, encrypted MySQL/MariaDB connections works perfectly.
Any chance that the java packages will be updated in Specify 6?
Requested by: Bill Kuntz at the Florida Museum