[ https://issues.apache.org/jira/browse/NIFI-10358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17580686#comment-17580686 ]
Anton Koval commented on NIFI-10358: ------------------------------------ [~exceptionfactory] Is possible that this issue resolve https://issues.apache.org/jira/browse/NIFI-9519 ? > Apply SSL Properties to JDBC Connection in CaptureChangeMySQL > ------------------------------------------------------------- > > Key: NIFI-10358 > URL: https://issues.apache.org/jira/browse/NIFI-10358 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Reporter: David Handermann > Assignee: David Handermann > Priority: Minor > Time Spent: 10m > Remaining Estimate: 0h > > The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections > using the {{SSL Mode}} and {{SSL Context Service}} properties, but these > settings do not apply to the JDBC enrichment connection. > Without apply the SSL properties to the JDBC connection, > {{CaptureChangeMySQL}} depends on the default MySQL JDBC Connector > configuration to negotiate TLS settings. MySQL JDBC Connector versions prior > to 8.0.28 enable deprecated TLS versions 1.0 and 1.1, but Java 8 Update 292 > and following disable TLS 1.0 and 1.1 in the default java.security > configuration. As a result of this behavior, {{CaptureChangeMySQL}} can fail > to establish a JDBC connection when running on a newer version of Java and an > older version of the MySQL JDBC Connector. It is possible to work around the > problem by upgrading to MySQL JDBC Connector 8.0.28 and following, which > selects TLS 1.2 as the default protocol version. Although this resolves TLS > protocol negotiation issues, it does not support customization of the TLS > keystore and truststore properties, which may be necessary for some MySQL > installations. > Configuring the JDBC connection properties based on the {{SSL Mode}} and > {{SSL Context Service}} properties should provide a more intuitive and > flexible configuration approach. -- This message was sent by Atlassian Jira (v8.20.10#820010)