Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can't connect to MySQL anymore - SSLHandshakeException

Armin Müller
Armin Müller May 5, 2021

JIRA version = 8.5.4, Java Version = 1.8.0_292, MySQL  5.7.33-0ubuntu0.18.04.1 on Ubuntu 18.04 LTS

Everything was running fine until I had to reboot the server today. I haven't touched anything in my Jira config in months, all that might have happened is that an OS update might have updated MySQL, although I'm pretty sure I had 5.7 to begin with.

The dbconfig.xml connection URL looks like this (file is unmodified since a year):

<jdbc-datasource>
<url>jdbc:mysql://address=(protocol=tcp)(host=localhost)(port=3306)/jiradb?sessionVariables=default_storage_engine=InnoDB</url>
<driver-class>com.mysql.jdbc.Driver</driver-class>

...

The errors I see in my log are those:

2021-05-05 23:58:38,269+0200 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration fr
om /var/atlassian/application-data/jira/dbconfig.xml
2021-05-05 23:58:38,295+0200 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and
decrypt it
2021-05-05 23:58:38,296+0200 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigHandler] Database password decryption not performed.
2021-05-05 23:58:38,556+0200 JIRA-Bootstrap ERROR [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your d
atabase:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 81 milliseconds ago. The last packet sent successfully to the server was 76 milliseconds ago.

...

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:186)

Changing the JDBC URL to

jdbc:mysql://localhost:3306/jiradb?useUnicode=true&characterEncoding=UTF8&sessionVariables=default_storage_engine=InnoDB

as shown in https://confluence.atlassian.com/jirakb/change-mysql-connection-url-for-jira-server-874744240.html brings up the server in "new" mode, i.e. it asks me to configure the database and so on (obviously I already have a database with plenty of Jira data in it)

I've already checked this, but don't think the solutions apply since they only seem to be relevant for older MySQL and Jira versions.

Any help is appreciated!

Answer
Watch
Like Tomas Grover likes this
3724 views

3 answers

4 votes
Francesco R
Francesco R
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 27, 2021

I had the same problem upgrading from Jira core 7.13.1 to 8.18.2.
The java.security file released with bundled jre has changed between the versions.

So I solve in 2 different ways:

* Commenting lines 706-708 in JIRA\jre\lib\security\java.security (read on stackoverflow):

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves

or, an alternative way

* adding useSSL=false in my dbconfig.xml read on Atlassian pages here 

jdbc:mysql://<host>:<port>/<dbname>?...&amp;useSSL=false

To add enabledTLSProtocols=TLSv1.2 and/or also TLSv1,TLSv1.1, did not worked for me.

These are the 2 fastest way to go on. There is also the Atlassian page about how to configure SSL in MySQL but I didn't try: I needed to go on in a faster way.
I'll try to study better the argument later.

Reply
2 votes
Raul Pelaez _TecnoFor - Marketplace Partner_
Raul Pelaez _TecnoFor - Marketplace Partner_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
August 19, 2021

Add this to your dbconfig.xml

jdbc:mysql://<host>:<port>/<dbname>?...&amp;enabledTLSProtocols=TLSv1.2

Will work 

Reply
1 vote
Armin Müller
Armin Müller May 6, 2021

The reason for this was probably caused by a minor upgrade of mysql from 5.7.something to 5.7.33 which according to this replaces yaSSL (which only supports TLS 1.1) with OpenSSL (which only supports TLS 1.2 or 1.3).

I'm not sure if this is then a limitation of my 5.1.48 mysql-jdbc driver or something else in the JRE, at any rate, specifically setting ssl = 0 in my mysql conf (which was previously not set at all), rebooting mysql, then rebooting Jira solved the problem.

Since I only use localhost connections on that mysql server, that shouldn't be a problem, but I'd be curious as to how to make this work without disabling SSL in mysql.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events