Cannot connect to MySQL database after Java upgrade
Problem:
After upgrading Java to the latest Java 8 or Java 11, Brekeke CCS applications become not to connect to their database (MySQL). In application logs (cim.log / crm.log), the following error messages are shown.
[] [$] com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure : Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) :
Root cause:
On some MySQL version 5.7.x, databases are configured to use old secure protocols (TLS1.0/TLS1.1) for jdbc connections as default settings. However, because on the latest Java 8 or Java 11 or later, those protocols(TLS1.0/TLS1.1) are disabled as default, jdbc connections are failed after Java upgrade.
*You can check the enabled TLS versions on your MySQL database with the following command.
SHOW GLOBAL VARIABLES LIKE 'tls_version';
Solution:
Option 1. Enable TLS 1.2 or later on MySQL.
In some cases, old MySQL 5.7.x may not support TLS 1.2 as default, upgrading MySQL may be needed .
Following MySQL official instructions and manuals, upgrade MySQL and enable TLS 1.2 or later.
Option 2. Not to use TLS protocol on JDBC connections.
Please note that this way may cause security issue.
In the cases that unsecured connections are allowed, adding the parameter “&useSSL=false” to the jdbc connection URL on each database settings page, you can explicitly specify not to use SSL(TLS).