Getting 'Establishing SSL connection without server's identity verification is not recommended' warning messages in the logs

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

Confluence logs is flooded with the following messages:

WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Diagnosis

Confluence is connected to MySQL 5.5+ and the connection string doesn't have the parameter describing usage of SSL defined. 

Cause

This is warning coming from newer versions of MySQL.

Resolution

Ensure that we explicitly specify to disable or enable SSL usage. 

  1. Shut down Confluence
  2. (warning) Backup confluence.cfg.xml located in <confluence_home>
  3. Edit confluence.cfg.xml 
  4. Look for the database connection string similar to the following:

    <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename></property>
  5. Ensure that we have specified usage of SSL. 


    1. DISABLE - for example, this is to explicitly specify not to use SSL:

      <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename>?useSSL=false</property>
    2. ENABLE - for example, this is to explicitly specify to use SSL:

      <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename>?useSSL=true</property>

      In addition, you must set up certificates and configure the truststore: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

  6. Restart Confluence
DescriptionWhen using MySQL database, Confluence logs gave out warning that SSL flag has not been specified yet
ProductConfluence
Last modified on Jul 30, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.