[jira] [Updated] (NIFI-10358) Apply SSL Properties to JDBC Connection in CaptureChangeMySQL

Wed, 17 Aug 2022 09:17:05 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-10358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matt Burgess updated NIFI-10358:
--------------------------------
    Fix Version/s: 1.18.0
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Apply SSL Properties to JDBC Connection in CaptureChangeMySQL
> -------------------------------------------------------------
>
>                 Key: NIFI-10358
>                 URL: https://issues.apache.org/jira/browse/NIFI-10358
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>             Fix For: 1.18.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections 
> using the {{SSL Mode}} and {{SSL Context Service}} properties, but these 
> settings do not apply to the JDBC enrichment connection.
> Without apply the SSL properties to the JDBC connection, 
> {{CaptureChangeMySQL}} depends on the default MySQL JDBC Connector 
> configuration to negotiate TLS settings. MySQL JDBC Connector versions prior 
> to 8.0.28 enable deprecated TLS versions 1.0 and 1.1, but Java 8 Update 292 
> and following disable TLS 1.0 and 1.1 in the default java.security 
> configuration. As a result of this behavior, {{CaptureChangeMySQL}} can fail 
> to establish a JDBC connection when running on a newer version of Java and an 
> older version of the MySQL JDBC Connector. It is possible to work around the 
> problem by upgrading to MySQL JDBC Connector 8.0.28 and following, which 
> selects TLS 1.2 as the default protocol version. Although this resolves TLS 
> protocol negotiation issues, it does not support customization of the TLS 
> keystore and truststore properties, which may be necessary for some MySQL 
> installations.
> Configuring the JDBC connection properties based on the {{SSL Mode}} and 
> {{SSL Context Service}} properties should provide a more intuitive and 
> flexible configuration approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to