[jira] [Commented] (NIFI-10358) Apply SSL Properties to JDBC Connection in CaptureChangeMySQL

Wed, 17 Aug 2022 06:03:06 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-10358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17580778#comment-17580778
 ] 

David Handermann commented on NIFI-10358:
-----------------------------------------

Thanks for asking [~akoval]. PR 6306 translates the Processor SSL Mode and SSL 
Context Service properties to JDBC Connection Properties without any other 
changes.

I noticed NIFI-9519 while evaluating current open issues related to 
CaptureChangeMySQL, so I marked it for potential review. It would require a 
separate pull request, but supporting additional JDBC properties for the 
enrichment connection makes sense based on the issue description.

> Apply SSL Properties to JDBC Connection in CaptureChangeMySQL
> -------------------------------------------------------------
>
>                 Key: NIFI-10358
>                 URL: https://issues.apache.org/jira/browse/NIFI-10358
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections 
> using the {{SSL Mode}} and {{SSL Context Service}} properties, but these 
> settings do not apply to the JDBC enrichment connection.
> Without apply the SSL properties to the JDBC connection, 
> {{CaptureChangeMySQL}} depends on the default MySQL JDBC Connector 
> configuration to negotiate TLS settings. MySQL JDBC Connector versions prior 
> to 8.0.28 enable deprecated TLS versions 1.0 and 1.1, but Java 8 Update 292 
> and following disable TLS 1.0 and 1.1 in the default java.security 
> configuration. As a result of this behavior, {{CaptureChangeMySQL}} can fail 
> to establish a JDBC connection when running on a newer version of Java and an 
> older version of the MySQL JDBC Connector. It is possible to work around the 
> problem by upgrading to MySQL JDBC Connector 8.0.28 and following, which 
> selects TLS 1.2 as the default protocol version. Although this resolves TLS 
> protocol negotiation issues, it does not support customization of the TLS 
> keystore and truststore properties, which may be necessary for some MySQL 
> installations.
> Configuring the JDBC connection properties based on the {{SSL Mode}} and 
> {{SSL Context Service}} properties should provide a more intuitive and 
> flexible configuration approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to