My environment:
OS: centos 7.6.1810
database: 10.3.14-MariaDB
jdbc driver: mariadb-java-client 2.4.1
jdbc parameter: jdbc:mysql://db_ip:3306/dbname?useUnicode=true&characterEncoding=utf8mb4&useSSL=true&trustServerCertificate=true
java: openjdk version "1.8.0_201"
ap server: wildfly 16
MariaDB SSL configuration tested below:
mysql mysql --ssl
MariaDB [mysql]> status
--------------
mysql Ver 15.1 Distrib 10.3.14-MariaDB, for Linux (x86_64) using readline 5.1
Connection id: 68
Current database: mysql
Current user: root#localhost
SSL: Cipher in use is DHE-RSA-AES256-GCM-SHA384
Current pager: less
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.3.14-MariaDB MariaDB Server
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /var/lib/mysql/mysql.sock
Uptime: 24 min 1 sec
When I tried to establish ssl connection to mariadb using jdbc, I got the following exception:
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0
at sun.security.ssl.InputRecord.checkRecordVersion(InputRecord.java:552)
at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:565)
at sun.security.ssl.InputRecord.read(InputRecord.java:529)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.handleConnectionPhases(AbstractConnectProtocol.java:437)
... 87 more
The jdbc driver should be the latest version, It worked before I upgrade mariadb to 10.3.14, I already tried several jdbc driver version but none worked. What should I try to solve this problem.
Related
I'm trying to configure a remote table on a second node but receiving "unexpected end of file" every time I try to do a select statement.
Configuration Node one:
can be accessed from anywhere to 0.0.0.0 on /var/local/dbfarm
IP: XXX.XXX.XXX.128
PORT: 50000
MONETDB Version: MonetDB Database Server Toolkit v11.39.17 (Oct2020-SP5)
db: xrouterlab
table: aufXXX ("oid" BIGINT)
Configuration Node two:
IP: XXX.XXX.XXX.126
PORT: 50000
MONETDB Version: MonetDB Database Server Toolkit v11.43.5 (Jan2022)
db: xrouterlab
CREATE REMOTE TABLE aufXXX (
"oid" BIGINT
) on 'mapi:monetdb://XXX.XXX.XXX.128:50000/xrouterlab';
operation successful
sql>select * from aufXXX limit 1;
unexpected end of file
Logs Node 1:
2022-03-16 11:33:32 MSG merovingian[3342]: proxying client XXX.XXX.XXX.126:47446 for database 'xrouterlab' to mapi:monetdb:///var/local/dbfarm/xrouterlab/.mapi.sock?database=xrouterlab
2022-03-16 11:33:32 MSG merovingian[3342]: target connection is on local UNIX domain socket, passing on filedescriptor instead of proxying
Logs Node 2:
2022-03-16 11:33:34 MSG merovingian[1703240]: database 'xrouterlab' (-1) was killed by signal SIGSEGV
Tks in advance for any help.
Diego
i have a Problem with Quarkus and Keycloak. When Quarkus tries to verify a Token with Keycloak it gives me following Error:
2019-10-01 07:40:02,353 ERROR [org.key.ada.rot.JWKPublicKeyLocator] (executor-thread-1) Error when sending request to retrieve realm keys: org.keycloak.adapters.HttpClientAdapterException: IO error
...
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
...
2019-10-01 07:40:02,359 ERROR [org.key.ada.rot.AdapterTokenVerifier] (executor-thread-1) Didn't find publicKey for kid: <some-key>
Quarkus Version: 0.22.0
Java Version:
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
OS: "Ubuntu 18.04.1 LTS"
Im using Keycloak with SSL. Without SSL the Error did not happen.
I am now not sure if this is an Issue on my side, and if it is on my side, what did i do wrong?
I am working with symfony 3.3.10, php5.6.31 and I tried several times to connect doctrine to SQL Server 2005 database. I already installed the driver to use sqlsrv and pdo_sqlsrv. Here are my config files:
php.ini
extension=php_sqlsrv_56_ts.dll
extension=php_pdo_sqlsrv_56_ts.dll
symfony config.yml
driver: pdo_sqlsrv
host: server_addr
port: 1433
dbname: dbname
user: db_user
password: db_p#ssw0rd
That is my config, now when I try to do something with doctrine it raises the following errors:
Using pdo_sqlsrv as driver
[Doctrine\DBAL\Driver\PDOException]
SQLSTATE[08001]: [Microsoft][ODBC Driver 11 for SQL Server]ODBC Driver 11 f
or SQL Server does not support connections to SQL Server 2000 or earlier ve
rsions.
[PDOException]
SQLSTATE[08001]: [Microsoft][ODBC Driver 11 for SQL Server]ODBC Driver 11 f
or SQL Server does not support connections to SQL Server 2000 or earlier ve
rsions.
Using sqlsrv as driver
[Doctrine\DBAL\Driver\SQLSrv\SQLSrvException]
SQLSTATE [IMSSP, -33]: Invalid value type for option Database was specified
. String type was expected.
my phpinfo() has no problems and is detectig both php_sqlsrv and php_pdo_sqlsrv
Registered PHP Streams php, file, glob, data, http, ftp, zip, compress.zlib, compress.bzip2, https, ftps, sqlsrv, phar
PDO drivers
mysql, odbc, pgsql, sqlite, sqlsrv
Thanks in advance and sorry for bad English.
My SQL Server version output is:
Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86) Feb 9 2007 22:47:07 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 6.0 (Build 6002: Service Pack 2)
I have found this post which makes a reference to this link. Now I am using the lastest version (5.1.1). After check the extension is working I just configure multiples entity managers and I can connect to the database and execute/fetch queries.
php.ini
extension=php_pdo_sqlsrv_ts.dll
extension=php_sqlsrv_ts.dll
My Hive server is SSL as well as Kerberos enabled. But when I try to connect to hiverserver2 via beeline using following command:
*!connect jdbc:hive2://**hostnameOfServer**:10000/hive;ssl=true;sslTrustStore=**keystorePath**;trustStorePassword=**passwordfor keystore**;principal=**Kerberos hive principal** **database username** **database password** org.apache.hive.jdbc.HiveDriver*
I get following error :
Error: Could not open client transport with JDBC Uri: jdbc:hive2://hostnameOfServer:10000/hive;ssl=true;sslTrustStore=keystorePath;trustStorePassword=passwordfor
keystore;principal=Kerberos hive principal database username
database password org.apache.hive.jdbc.HiveDriver: Invalid status 21 (state=08S01,code=0)
Also I tried using following command on beeline:
jdbc:hive2://**hostnameOfServer**:10000/hive;principal=**Kerberos hive principal**?transportMode=https;httpPath=cliservice;auth=kerberos;sasl.qop=auth.
But got same error.
Are ssl and kerberos compatible to each other?
Yes it is compatible from version Hive-2.0.0. Check the below JIRA task for more information
https://issues.apache.org/jira/browse/HIVE-14019
To ensure backward compatibility of my application, I'm testing JDBC over TLS behaviour when an MS SQL Server version vulnerable to CVE-2011-3389 is used (any 2005, or 2008/2008R2 w/o service packs fit). In theory, two options are available:
either disable CBC protection via -Djsse.enableCBCProtection=false and continue to use a block cipher such as AES_128_CBC or 3DES_EDE_CBC,
or fall back to a stream cipher such as RC4 (yes I'm aware this is insecure, too, due to CVE-2015-2808).
In practice, while I have no trouble establishing a connection using 3DES_EDE_CBC with CBC protection off, I'm still unable to use RC4_128 using an JDK newer than 1.8.0_51 (which happened to address CVE-2015-2808) or AES_{128,256}_CBC (using any 1.6+ JDK).
Here's the results broken down by Java version:
1.6.0_45 (jTDS)
SSL_RSA_WITH_RC4_128_MD5 is used
1.7.0_76 (jTDS) and any 1.8.0 up to 1.8.0_45 (MS SQL JDBC):
SSL_RSA_WITH_RC4_128_MD5 (default) or SSL_RSA_WITH_3DES_EDE_CBC_SHA can be used
won't use AES_128_CBC even if 3DES is disabled (3DES_EDE_CBC will be forced anyway)
1.8.0_45 (IBM J9 8.0 SR1) (MS SQL JDBC)
SSL_RSA_WITH_3DES_EDE_CBC_SHA is used (successful only if CBC protection is off), also if either AES or RC4 is requested
1.8.0_51+ (Oracle) (MS SQL JDBC)
SSL_RSA_WITH_3DES_EDE_CBC_SHA is used (successful only if CBC protection is off),
won't use AES_128_CBC or AES_256_CBC even if requested (unlike previous Java versions, 3DES is no longer forced, instead I get an IOException after ClientHello, which does list *_WITH_AES_128_CBC_SHA as compatible ciphersuites)
won't use RC4 even if both with AES and 3DES are disabled: "no negotiable cipher suite" (both jTDS and MS SQL JDBC).
Here's the java.security I use to request AES:
jdk.certpath.disabledAlgorithms=MD2
jdk.tls.disabledAlgorithms=SSLv3, RC4, TLSv1.1, TLSv1.2, 3DES_EDE_CBC
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
RC4_128, RC4_40
and here's the version to request RC4:
jdk.certpath.disabledAlgorithms=MD2
jdk.tls.disabledAlgorithms=SSLv3, AES_128_CBC, TLSv1.1, TLSv1.2, AES_256_CBC, AES_128_GCM, AES_256_GCM, 3DES_EDE_CBC
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL
Questions:
Apparently, AES_{128,256}_CBC is supported by my Java clients, as I can use TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA when connecting to MS SQL Server 2014. Can anyone confirm it is not supported by MS SQL Server 2005? Since disabling AES effectively leads to "no negotiable cipher suite", I assume it is supported, but something happens server-side, even though CBC protection is off.
How can I still use RC4 in Java 1.8.0_51+? This solution no longer works, nor has any effect https.cipherSuites system property (described here). There's a magical jdk.tls.enableRC4CipherSuites system property in 6u115 and 7u101, but it seems to have no effect in Java 1.8.
What the heck is wrong with jTDS? It works fine with Java 1.6 and 1.7 (driver versions 1.2.8 and 1.3.1), but using Java 1.8 I'm constantly receiving "Connection reset by peer" whenever MS SQL JDBC would just use 3DES to encrypt connection data.