Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSL-Warning filling catalina.out when connecting to MySQL Database, useSSL not working

Walter Sunk
Walter Sunk November 1, 2016

Hi,

my logfile logs/catalina.out is filled with the following message:

WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

 

I have tried the things below, but cannot get rid of this warning filling my logfile continuously.

In conf/server.xml I tried the following connection-strings:

*) when set up confluence-mysql-user for using plaintext-connections: (GRANT ... REQUIRE NONE)

url="jdbc:mysql://localhost:3306/confluence?useUnicode=true;characterEncoding=utf8;useSSL=false"

url="jdbc:mysql://localhost:3306/confluence?useSSL=false"

*) when set up confluence-mysql-user for using ssl-connections: (GRANT ... REQUIRE SSL)

url="jdbc:mysql://localhost:3306/confluence?useUnicode=true;characterEncoding=utf8;verifyServerCertificate=false;useSSL=true;requireSSL"

and in addition I added the mysql-ca-public-key-file to the truststore jre/lib/security/cacerts;
for info, connecting in bash-commandline with the mysql-ca-public-key-file works fine:
mysql -u confluence -p --ssl-ca=/etc/mysql/certs/ca.pem

*) I tried to also use & instead of only ; in the connection-String, same results.

It seems that the useSSL in the connection-string has no effect, the warning is always logged.

I found this MySQL-Connector-Bug:
https://bugs.mysql.com/bug.php?id=80198
but according to this using useSSL=true should not log the warning, however the warning is always logged.

My Setup:
Confluence 5.10.1
mysql  Ver 14.14 Distrib 5.7.16, for Linux (x86_64)
mysql-connector-java-5.1.40 (also tried 5.1.39)
Ubuntu 16.04 LTS Server

Thanks for help.

Answer
Watch
Like Subash Thirimanna likes this
27127 views

3 answers

1 vote
Walter Sunk
Walter Sunk November 2, 2016

I noticed that I have to edit <CONFLUENCE-DATA-DIR>/confluence.cfg.xml to set the connection-String and not <CONFLUENCE-DIR>/conf/server.xml

Problem solved, useSSL is working when setting the connection-String in confluence.cfg.xml

View More Comments
koganm
koganm April 18, 2017

Hi Walter,

Can you reply with the exact string please. I have tried the below and I still still receive these errors:

<property name="hibernate.connection.url">jdbc:mysql://localhost/confluence?sessionVariables=default_storage_engine%3DInnoDB&useSSL=false&amp;</property>

<property name="hibernate.connection.url">jdbc:mysql://localhost/confluence?sessionVariables=default_storage_engine%3DInnoDB?useSSL=false</property>

Both done in <CONFLUENCE-DATA-DIR>/confluence.cfg.xml

Like
Tom Dickson
Tom Dickson January 9, 2018

I have this:

<property name="hibernate.connection.url">jdbc:mysql://10.10.10.10/confluence?autoReconnect=true&amp;amp;sessionVariables=storage_engine%3DInnoDB&amp;amp;useUnicode=true&amp;amp;characterEncoding=utf8</property>

Like
Tom Dickson
Tom Dickson January 10, 2018

which doesn't work, ha!

Like
Tom Dickson
Tom Dickson January 10, 2018

<property name="hibernate.connection.url">jdbc:mysql://10.10.10.10/confluence?useSSL=false</property>

seems to have silenced it ....

Like
Reply
0 votes
Aleksandr
Aleksandr
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 22, 2022

Hello team! Still have the same issue. In the catalina.out logs have 

Tue Mar 22 10:50:26 UTC 2022 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

nevertheless in dbconfig.xml I have the next configuration:

<url>jdbc:mysql://10.180.4.208/jiradb?useUnicode=true&amp;useSSL=false&amp;characterEncoding=UTF8&amp;sessionVariables=default_storage_engine=InnoDB</url>

View More Comments
Tom Dickson
Tom Dickson March 22, 2022

I got it to work by adding skip_ssl to mysqld.conf and setting my dbconfig.xml to:

jdbc:mysql://address=(protocol=tcp)(host=localhost)(port=3306)/jira?allowPublicKeyRetrieval=true
jdbc:mysql://localhost/confluence?allowPublicKeyRetrieval=true
Like
Reply
0 votes
Walter Sunk
Walter Sunk November 1, 2016

I wrote a JDBC Test Program:

public static final String MYSQL_URL_1 = "jdbc:mysql://localhost:3306/confluence?" +
                "useUnicode=true&amp;" +
                "characterEncoding=utf8&amp;" +
                "verifyServerCertificate=false&amp;" +
                "useSSL=true&amp;" +
                "requireSSL";

public static final String MYSQL_URL_2 = "jdbc:mysql://localhost:3306/confluence?" +
                "useSSL=false&amp;" +
                "useUnicode=true&amp;" +
                "characterEncoding=utf8";

public static final String MYSQL_URL_3 = "jdbc:mysql://localhost:3306/confluence?" +
                "useUnicode=true&amp;" +
                "characterEncoding=utf8";

public static void main(...)
{
	Connection connection = DriverManager.getConnection(MYSQL_URL_1/2/3, MYSQL_USER, MYSQL_PW);
}
MYSQL_URL_1 and MYSQL_URL_2 work
MYSQL_URL_3 creates the warning!

So it seems that Confluence or Tomcat do not parse the connection-String correctly. It seems that Confluence or Tomcat do not forward the useSSL parameter to JDBC!

Feedback on that welcome!

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events