Confluence is not starting with MySQL and Java 11


Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Summary

Confluence is running on Java 11 and is connected to a MySQL database. As soon as Confluence starts, it logs the error below, which is related to the TLS versions MySQL supports and to no appropriate protocol being passed in the JDBC URL.

2021-04-26 03:16:06,441 ERROR [Catalina-utility-1] [confluence.impl.setup.DefaultBootstrapDatabaseAccessor] getBootstrapData Unable to open database connection during bootstrap.
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 41 milliseconds ago.  The last packet sent successfully to the server was 30 milliseconds ago.
...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)


Environment

  • Confluence running with Java 11
  • MySQL 5.7
  • MySQL Driver version 5.1.4

Diagnosis

The error appears to be related to MySQL and TLS protocols. It is mentioned in the MySQL Connector/J 8.0 Developer Guide, section 16, Known Issues and Limitations:

Connector/J does not enable connections with TLSv1.2 and higher by default due to compatibility issues; when connecting to servers that restrict connections to use those higher TLS versions, you might encounter com.mysql.cj.exceptions.CJCommunicationsException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate). You need to enable connections with TLSv1.2 and higher versions using the enabledTLSProtocols connection property. See Section 6.8, “Connecting Securely Using SSL” for details.

Java 11 comes with higher security and the latest TLS versions.

On the server-side, the value of the tls_version system variable determines which TLS protocols a MySQL server permits for encrypted connections. The tls_version value applies to connections from clients and from replica servers using regular source/replica replication. The variable value is a list of one or more comma-separated protocol versions from this list (not case-sensitive): TLSv1, TLSv1.1, TLSv1.2. By default, this variable lists all protocols supported by the SSL library used to compile MySQL (TLSv1,TLSv1.1,TLSv1.2 for OpenSSL, TLSv1,TLSv1.1 for yaSSL). To determine the value of tls_version at runtime, use this statement:

SHOW GLOBAL VARIABLES LIKE 'tls_version';

To change the value of tls_version, set it at server startup. For example, to permit connections that use the TLSv1.1 or TLSv1.2 protocol, but prohibit connections that use the less-secure TLSv1 protocol, use these lines in the server my.cnf file:

[mysqld]
tls_version=TLSv1.1,TLSv1.2


Solution

To fix this, pass the TLS versions to use in the JDBC connection URL with the enabledTLSProtocols property, as below:

<property name="hibernate.connection.url">jdbc:mysql://localhost:3306/confluencedb?enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2</property>

Alternatively, pass useSSL=false in the connection string, as below. With this setting no TLS version is used at all, so the connection between Confluence and MySQL is not encrypted.

<property name="hibernate.connection.url">jdbc:mysql://localhost:3306/confluencedb?useSSL=false</property>
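
A check of which TLS versions a given JDBC URL can actually negotiate, as an added example that is not part of the original article or Atlassian's code. The sample config, the driver default, the useSSL default and the JVM protocol list are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample of the relevant part of confluence.cfg.xml (not a real config).
SAMPLE_CFG = """<confluence-configuration><properties>
<property name="hibernate.connection.url">jdbc:mysql://localhost:3306/confluencedb?enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2</property>
</properties></confluence-configuration>"""

# Assumption: with no enabledTLSProtocols the driver offers only these, since
# the guide quoted above says TLSv1.2 and higher are not enabled by default.
DRIVER_DEFAULT = "TLSv1,TLSv1.1"


def jdbc_url(cfg_xml):
    """Return the hibernate.connection.url value from the config XML."""
    for prop in ET.fromstring(cfg_xml).iter("property"):
        if prop.get("name") == "hibernate.connection.url":
            return (prop.text or "").strip()
    raise ValueError("hibernate.connection.url not found")


def check_tls(url, server_tls_version, jvm_enabled):
    """Return (status, usable protocols) for one JDBC URL.

    server_tls_version: value of SHOW GLOBAL VARIABLES LIKE 'tls_version'.
    jvm_enabled: protocols the JVM has not disabled (gathered separately).
    """
    params = parse_qs(urlsplit(url.split(":", 1)[1]).query)
    # Assumption: the driver attempts TLS unless useSSL=false is given.
    if params.get("useSSL", ["true"])[0].lower() == "false":
        return "plaintext", []
    offered = params.get("enabledTLSProtocols", [DRIVER_DEFAULT])[0].split(",")
    server = {p.strip().lower() for p in server_tls_version.split(",")}
    jvm = {p.strip().lower() for p in jvm_enabled}
    usable = [p.strip() for p in offered
              if p.strip().lower() in server and p.strip().lower() in jvm]
    return ("ok" if usable else "handshake_fails"), usable


if __name__ == "__main__":
    server = "TLSv1,TLSv1.1,TLSv1.2"   # constructed server value
    jvm = ["TLSv1.2", "TLSv1.3"]       # constructed: a JVM with TLSv1/1.1 disabled
    base = "jdbc:mysql://localhost:3306/confluencedb"
    for url in (base, jdbc_url(SAMPLE_CFG), base + "?useSSL=false"):
        print(url, "->", check_tls(url, server, jvm))
```

A `handshake_fails` result corresponds to the "No appropriate protocol" error in the Summary, and a `plaintext` result means the database traffic is sent unencrypted.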

Last modified on Jul 6, 2021
