Re: JDBC For MySQL 8/MySQL 8 Problem
Posted by: Filipe Silva
Date: January 19, 2019 11:13AM

Hi,

As Edwin explained you can get direct support from Oracle's MySQL support team which would provide you all the info and guidance you need.

But, I can tell you right now this is the expected default behavior. Let me explain:

MySQL 8.0 comes with `caching_sha2_password` as default authentication plugin. You can read all about it in MySQL documentation page https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html. Note that, right in the beginning of this page, in the "Important" notes, you can read:

> "To connect to the server using an account that authenticates with the caching_sha2_password plugin, you must use either a secure connection or an unencrypted connection that supports password exchange using an RSA key pair (...)"

So, since you are disabling SSL in your connection string (`useSSL=false`) you are not being able to authenticate, but, as soon as you successfully authenticate once, wherever from, then your Java application also connects successfully. This is so because of the "caching" aspect of `caching_sha2_password`, in which one successful authentication makes the following ones go through a simpler and faster path that doesn't require SSL at all.

The reason why you are not getting better error messages from the connector is because you also have `autoReconnect=true&maxReconnects=3`, which is hiding the real cause of the connection failure. I recommend disabling auto reconnects while you debug your code.

My advice to you would be:

1. Don't disable SSL. Configure it properly in the server (note that MySQL 8.0 comes with all basic SSL settings enabled and configured by default) and let the client use SSL by removing the option `useSSL=false` from your connection string.
2. If you are OK with or even require non encrypted connections, then you can still use the default authentication plugin (`caching_sha2_password`) but you should let the server keep its default security configurations (or do your own) and add `allowPublicKeyRetrieval=true` to your connection string. This will make the authentication work even if the user credentials are not yet cached.
3. If configuring the security settings in the server is an issue for you and you prefer not to do it, your last option is to change the authentication plugin for the user(s) connecting through Connector/J to `mysql_native_password`.

IHTH

Options: ReplyQuote


Subject
Written By
Posted
Re: JDBC For MySQL 8/MySQL 8 Problem
January 19, 2019 11:13AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.