Getting warnings related to "mysql_native_password" authentication plugin deprecation in Confluence DC
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Upgrading from MySQL5.7 to MySQL8 for being compliant with the new Supported Platforms restrictions in Confluence, triggers warning messages related to 'mysql_native_password' plugin.
Environment
Confluence 7.19 or Confluence 8
MySQL 8
Diagnosis
In the MySQL logs, the following warning can be observed after starting to use MySQL v8:
2024-02-26T09:56:15.444623Z 9 [Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'
Cause
mysql_native_password is considered weak compared to more modern authentication methods like the default caching_sha2_password. This authentication method is marked as deprecated since MySQL 8.0.34 as officially mentioned in here and fully removed starting in MySQL v9.0 as stated in the following Oracle blogpost: MySQL 9.0 – it’s time to abandon the weak authentication method
Solution
caching_sha2_password
plugin is supported by MySQL since MySQL Driver 8.0.9 as officially stated in their own documentation: MySQL Connector/J Release Notes > Changes in MySQL Connector/J 8.0.9 (2018-01-30, Release Candidate)
To connect to the server using an account that authenticates with the caching_sha2_password
plugin, you must use either a secure connection or an unencrypted connection that supports password exchange using an RSA key pair. You can read more about configuring MySQL with SSL in their documentation Connecting Securely Using SSL. Either way, the caching_sha2_password
plugin uses MySQL's encryption capabilities. See Section 8.3, “Using Encrypted Connections”.
From Confluence's point of view, there is no impediment that prevents this configuration to work as long as it is properly configured in the database side.