Please help me!!! Problem in establishing an SSL enabled connection from a Java application to MySQL
I am trying to establish an SSL enabled connection from a Java application to MySQL (version 5.0.27-standard). I have followed the instructions on
http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html and
http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-using-ssl.html. I have also tried to use the certificates that come along with the source distribution of MySQL.
It works fine when I connect from a mysql client:
mysql> \s
--------------
mysql Ver 14.12 Distrib 5.0.22, for Win32 (ia32)
Connection id: 38
Current database:
Current user: current_user
SSL: Cipher in use is DHE-RSA-AES256-SHA
Using delimiter: ;
Server version: 5.0.27-standard
Protocol version: 10
Connection: a_connection via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 3 hours 18 min 12 sec
I can make a connection from my Java application without using SSL. For example:
show variables like '%ssl%'
have_openssl YES
ssl_ca /root/Desktop/openssl/test/server/cacert.pem
ssl_capath
ssl_cert /root/Desktop/openssl/test/server/server-cert.pem
ssl_cipher ALL:-DES:-RC2:-RC4:-MD5
ssl_key /root/Desktop/openssl/test/server/server-key.pem.
But when I try to make a connection using SSL something goes wrong (same user as I use when connecting from a mysql client=success). I have tried using mysql-connector-3.1.10 and mysql-connector-java-5.0.4-bin.jar. I debug the communication using -Djavax.net.debug=all
-Djavax.net.ssl.keyStore=D:/temp/ssl/keystore/ssluser.jks
-Djavax.net.ssl.keyStorePassword=some_password
-Djavax.net.ssl.trustStore=D:/temp/ssl/keystore/alinux.jks
-Djavax.net.ssl.trustStorePassword=some_password
--------------------------------------------------------
CODE SNIPPET
--------------------------------------------------------
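import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class SSLConnMySQL {
    public static void main(String[] args) {
        Properties props = new Properties();
        props.put("user", "ssluser");
        props.put("password", "some_password");
        props.put("dbUrl", "jdbc:mysql://mysql_server:3306/test?useSSL=True");
        Statement stmt = null;
        try {
            // Load the Connector/J driver and open the SSL-enabled connection
            Class.forName("com.mysql.jdbc.Driver");
            Connection conn = DriverManager.getConnection(props.getProperty("dbUrl"), props);
            System.out.println("START");
            String sql = "show variables like '%ssl%'";
            System.out.println(sql);
            stmt = conn.createStatement();
            ResultSet rs = stmt.executeQuery(sql);
            // Print each SSL-related server variable as "name value"
            while (rs.next()) {
                System.out.println(rs.getString(1) + " " + rs.getString(2));
            }
            System.out.println("END");
        }
        catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        catch (SQLException e) {
            e.printStackTrace();
        }
    }
}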
--------------------------------------------------------
ERROR MESSAGE
--------------------------------------------------------
...
...
...
main, WRITE: TLSv1 Handshake, length = 134
[Raw write]: length = 139
main, WRITE: TLSv1 Change Cipher Spec, length = 1
main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception:
** BEGIN NESTED EXCEPTION **
java.net.SocketException
MESSAGE: Software caused connection abort: socket write error
STACKTRACE:
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(Unknown Source)
at java.net.SocketOutputStream.write(Unknown Source)
at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(Unknown Source)
at com.sun.net.ssl.internal.ssl.OutputRecord.write(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:72)
at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4227)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1221)
at com.mysql.jdbc.Connection.createNewIO(Connection.java:2544)
at com.mysql.jdbc.Connection.<init>(Connection.java:1474)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:264)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at nu.rydqvist.util.db.mysql.SSLConnMySQL.main(SSLConnMySQL.java:30)
** END NESTED EXCEPTION **
...
...
...
PLEASE HELP ME!!!
Edited 1 time(s). Last edit at 02/22/2007 01:27AM by Anders Rydqvist.
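
A pre-flight check of the two stores named by the -Djavax.net.ssl.* properties in the post, as an added example that is not part of the original post or of Connector/J. The class name StoreCheck is hypothetical, and the signedByTrustedCa result is only meaningful under the assumption that one CA signed both the server and the client certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical class name): inspects the stores named by the
// javax.net.ssl.* system properties before any JDBC connection is attempted.
public class StoreCheck {

    static KeyStore load(String prop) throws Exception {
        String path = System.getProperty(prop);
        if (path == null) throw new IllegalStateException("-D" + prop + " is not set");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, System.getProperty(prop + "Password", "").toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("javax.net.ssl.keyStore");
        KeyStore trust = load("javax.net.ssl.trustStore");

        // CA certificates the client trusts; the server certificate must chain to one of them.
        List<X509Certificate> cas = new ArrayList<>();
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.getCertificate(alias) instanceof X509Certificate) {
                cas.add((X509Certificate) trust.getCertificate(alias));
                System.out.println("trustStore " + alias + ": " + cas.get(cas.size() - 1).getSubjectX500Principal());
            }
        }

        // Client authentication needs a private-key entry, not only a certificate.
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias) || keys.getCertificateChain(alias) == null) {
                System.out.println("keyStore " + alias + ": no private key, cannot be presented");
                continue;
            }
            X509Certificate leaf = (X509Certificate) keys.getCertificateChain(alias)[0];
            leaf.checkValidity(); // throws if expired or not yet valid
            boolean signedByTrustedCa = false; // assumption: same CA for server and client
            for (X509Certificate ca : cas) {
                try { leaf.verify(ca.getPublicKey()); signedByTrustedCa = true; } catch (Exception e) { /* not this CA */ }
            }
            System.out.println("keyStore " + alias + ": subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal() + " signedByTrustedCa=" + signedByTrustedCa);
        }
    }
}
```

Run it with the same four -Djavax.net.ssl.* options used for the failing application so that it reads the same files.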