MySQL-server Connection Failure After a Version Upgrade of RDS for MySQL
Scenario
The following error is displayed when a database is connected to using commands:
Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
MySQL-server connection failed after RDS for MySQL 5.7.23 is upgraded to 5.7.25. Figure 1 shows the captured packet.
The TLS version sent from the client to the server during the TLS handshake is 1.0. A total number of 15 supported cipher suites are provided.
Figure 1 Packets captured when connection failed
Fault Analysis
As shown in the MySQL-server response in Figure 2, the server rejects the client connection because OpenSSL has been upgraded to 1.1.1a on MySQL 5.7.25, resulting in the rejection of the insecure TLS version and password suite.
Figure 2 MySQL-server response
Solution
Upgrade your JDK client to JDK 8 or a later version. By default, TLS 1.2 is supported and 30 cipher suites are provided. Figure 3 shows a normal captured packet.
Figure 3 Packets captured when connection is normal
- Scenario
- Fault Analysis
- Solution