Re: Socketfactory implementation example
Posted by: Ralph Loser
Date: October 28, 2014 04:38PM

Hello Todd,

thank you for the quick response.
What I'm trying to do is to write an Android app which connects securely to a MySQL server. The server is compiled to use SSL. I'm not very experienced with SSL connections in Java, but I will try to give you a quick idea of what I already have.

The mysql server was configured to use ca-cert.pem, server-key.pem and server-cert.pem at the my.cnf like in the mysql documentation.

I created the server-side CA certificate and the corresponding client-cert and client-key. The certs are in X.509 format and the key is in RSA format. Connecting locally and from remote to the MySQL server works just fine using the SSL certs and keys.

Then I created my truststore (BKS) containing the ca-cert.pem, and the keystore (BKS provider) containing the client-cert and the client-key.

In my app I'm calling JdbcConnectionSource with the connection string "jdbc:mysql://myserver.com/mydatabase?useSSL=true&socketFactory=" + CustomSocketFactory.class.getName(). The user is set with the method setUsername on the JdbcConnectionSource object.

The CustomSocketFactory class implements SocketFactory, as it is required to perform an initial plaintext connection to the SQL server. When implementing SocketFactory there are three methods to override: connect, beforeHandshake and afterHandshake, all returning a Socket object.

In the connect method I'm just creating a socket with my destination address and the destination port and returning it.

In the beforeHandshake method I'm loading my truststore and my keystore and initializing the SSLContext with those. Then I create a new Socket from an SSLSocketFactory with the SSLContext and the destination address and port.

Here is a code snippet of the CustomSocketFactory:

import java.io.IOException;
import java.net.Socket;
import java.net.SocketException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class CustomSocketFactory implements com.mysql.jdbc.SocketFactory {

    private String mInetAddress;
    private int mPort;
    private Socket mSocket;

    @Override
    public Socket connect(String host, int portnumber, Properties props)
            throws SocketException, IOException {
        // Initial plaintext TCP connection: the MySQL server greeting is
        // sent unencrypted on this socket, so no TLS is started here.
        mInetAddress = host;
        mPort = portnumber;
        mSocket = new Socket(mInetAddress, mPort);
        return mSocket;
    }

    @Override
    public Socket beforeHandshake() throws SocketException, IOException {
        // Helper class (part of the app, not shown here) that reads the BKS
        // files from the Android raw resources, which this class cannot access.
        PrivateStoresManager privateStores = new PrivateStoresManager();

        SSLContext secureContext = null;
        try {
            // Truststore (ca-cert.pem) and keystore (client-cert + client-key),
            // both loaded from raw files by the app's own helper methods.
            KeyStore myTrustStore = createTrustStore(privateStores);
            KeyStore myPrivateKeysStore = createPrivateKeyStore(privateStores);

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                    TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(myTrustStore);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(myPrivateKeysStore, "keystore".toCharArray());

            // SSLContext that trusts only our CA and presents our client certificate.
            secureContext = SSLContext.getInstance("TLS");
            secureContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (GeneralSecurityException e) {
            // Covers NoSuchAlgorithmException, CertificateException, KeyStoreException,
            // UnrecoverableKeyException and KeyManagementException.
            e.printStackTrace();
        }

        if (secureContext != null) {
            // Opens a second TCP connection to the same host/port and starts TLS
            // on it right away; the plaintext socket from connect() is replaced.
            SSLSocketFactory factory = secureContext.getSocketFactory();
            mSocket = factory.createSocket(mInetAddress, mPort);
        }
        // If the context could not be built, the plaintext socket is returned unchanged.
        return mSocket;
    }

    @Override
    public Socket afterHandshake() throws SocketException, IOException {
        return mSocket;
    }
}


In a wireshark trace I can see a Server Greeting coming from the server with Payload "sql native password".

But in my app I get an SSLHandshakeException with an underlying SSLProtocolException and the message: SSL23_GET_SERVER_HELLO:unknown protocol.

I guess the problem is that the client (the app) doesn't send the user information with which it should be connected to the server.

I know this is a lot of information, but I tried to describe my problem as clearly as possible. Your help is much appreciated!

Thank you in advance!

Yours Ralph



