Technical Reference Document: MySQL Connection Using TLS
Make sure you are using the corresponding MySQL Connector/J jar that matches the current server version to ensure you can use the appropriate settings described below for your JDBC URL.
An example URL is provided for the legacy and newer, MySQL 8.0.13 and beyond, servers which will require an SSL certificate but not verify the server certificate.
MySQL 8.0.13 and later
The example below is an example of how to require an SSL connection without requiring verification of the server certificate. If the server certificate has been configured, you can use one of the other valid values to add additional security.
jdbc:mysql://localhost:3306/andi?sslMode=REQUIREDConfiguration | Refer To | Valid Values |
sslMode | https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html |
|
MySQL - Versions before 8.0.13
jdbc:mysql://localhost:3306/andi?verifyServerCertificate=false&useSSL=true&requireSSL=trueConfiguration | Refer To | Valid Values |
verifyServerCertificate | https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html |
|
useSSL |
|
|
requireSSL |
|
|
Verify Server has SSL Enabled
Open mysql.exe (Windows MySQL Workbench, will be different based on the platform)
Execute status;
Verify the SSL entry has a Cipher in use as shown
mysql> status;
--------------
mysql.exe Ver 8.0.26 for Win64 on x86_64 (MySQL Community Server - GPL)
Connection id: 28
Current database:
Current user: root@localhost
SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256
Using delimiter: ;
Server version: 8.0.26 MySQL Community Server - GPL
Protocol version: 10
Connection: localhost via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: cp850
Conn. characterset: cp850
TCP port: 3306
Binary data as: Hexadecimal
Uptime: 2 hours 8 min 53 sec
Threads: 9 Questions: 300 Slow queries: 0 Opens: 238 Flush tables: 3 Open tables: 157 Queries per second avg: 0.038
--------------