David Handermann created NIFI-10358:
---------------------------------------

             Summary: Apply SSL Properties to JDBC Connection in CaptureChangeMySQL
                 Key: NIFI-10358
                 URL: https://issues.apache.org/jira/browse/NIFI-10358
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Extensions
            Reporter: David Handermann
            Assignee: David Handermann


The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections 
using the {{SSL Mode}} and {{SSL Context Service}} properties, but these 
settings do not apply to the JDBC enrichment connection.

Without applying the SSL properties to the JDBC connection, {{CaptureChangeMySQL}} 
depends on the default MySQL JDBC Connector configuration to negotiate TLS 
settings. MySQL JDBC Connector versions prior to 8.0.28 enable deprecated TLS 
versions 1.0 and 1.1, but Java 8 Update 292 and following disable TLS 1.0 and 
1.1 in the default java.security configuration. As a result of this behavior, 
{{CaptureChangeMySQL}} can fail to establish a JDBC connection when running on 
a newer version of Java and an older version of the MySQL JDBC Connector. It is 
possible to work around the problem by upgrading to MySQL JDBC Connector 8.0.28 
and following, which selects TLS 1.2 as the default protocol version. Although 
this resolves TLS protocol negotiation issues, it does not support 
customization of the TLS keystore and truststore properties, which may be 
necessary for some MySQL installations.

Configuring the JDBC connection properties based on the {{SSL Mode}} and {{SSL 
Context Service}} properties should provide a more intuitive and flexible 
configuration approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
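
An added sketch of the mapping the issue proposes, from an SSL mode plus keystore and truststore settings to MySQL Connector/J connection properties; it is not code from NiFi or from the change that resolved this issue. The class, the {{Store}} holder and the file path are hypothetical, and pinning TLSv1.2 through {{enabledTLSProtocols}} is an assumption made here for connectors older than 8.0.28.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Properties;

public class MySqlJdbcTlsProperties {
    // Hypothetical holder for the store settings an SSL Context Service would supply.
    static final class Store {
        final Path path; final String type; final String password;
        Store(Path path, String type, String password) {
            this.path = path; this.type = type; this.password = password;
        }
    }

    // sslMode is a Connector/J value: DISABLED, PREFERRED, REQUIRED, VERIFY_CA or VERIFY_IDENTITY.
    static Properties build(String sslMode, Store trustStore, Store keyStore) {
        Properties p = new Properties();
        p.setProperty("sslMode", sslMode);
        if ("DISABLED".equals(sslMode)) {
            return p; // no TLS settings apply to a plaintext connection
        }
        // Assumption: pin the protocol so older connectors do not offer TLS 1.0/1.1,
        // which current Java releases disable. Named tlsVersions from 8.0.28 onward.
        p.setProperty("enabledTLSProtocols", "TLSv1.2");
        // Fail fast: a VERIFY_* mode without a truststore would silently fall back
        // to the JVM default trust anchors.
        if (sslMode.startsWith("VERIFY_") && trustStore == null) {
            throw new IllegalArgumentException(sslMode + " requires a truststore");
        }
        if (trustStore != null) {
            p.setProperty("trustCertificateKeyStoreUrl", trustStore.path.toUri().toString());
            p.setProperty("trustCertificateKeyStoreType", trustStore.type);
            p.setProperty("trustCertificateKeyStorePassword", trustStore.password);
        }
        if (keyStore != null) { // client certificate for mutual TLS
            p.setProperty("clientCertificateKeyStoreUrl", keyStore.path.toUri().toString());
            p.setProperty("clientCertificateKeyStoreType", keyStore.type);
            p.setProperty("clientCertificateKeyStorePassword", keyStore.password);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample values; the path and password are placeholders.
        Store trust = new Store(Paths.get("/opt/nifi/conf/truststore.p12"), "PKCS12", "changeit");
        Properties p = build("VERIFY_IDENTITY", trust, null);
        // Mask secrets when printing the effective configuration.
        p.forEach((k, v) -> System.out.println(
                k + "=" + (k.toString().endsWith("Password") ? "********" : v)));
    }
}
```

The resulting {{Properties}} object can be passed to {{DriverManager.getConnection(url, properties)}} together with the user and password entries.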
