You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Anton Koval (Jira)" <ji...@apache.org> on 2022/08/17 10:38:00 UTC

[jira] [Comment Edited] (NIFI-10358) Apply SSL Properties to JDBC Connection in CaptureChangeMySQL

    [ https://issues.apache.org/jira/browse/NIFI-10358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17580686#comment-17580686 ] 

Anton Koval edited comment on NIFI-10358 at 8/17/22 10:37 AM:
--------------------------------------------------------------

[~exceptionfactory] Is possible that this improvement resolve https://issues.apache.org/jira/browse/NIFI-9519 ?


was (Author: akoval):
[~exceptionfactory] Is possible that this issue resolve https://issues.apache.org/jira/browse/NIFI-9519 ?

> Apply SSL Properties to JDBC Connection in CaptureChangeMySQL
> -------------------------------------------------------------
>
>                 Key: NIFI-10358
>                 URL: https://issues.apache.org/jira/browse/NIFI-10358
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections using the {{SSL Mode}} and {{SSL Context Service}} properties, but these settings do not apply to the JDBC enrichment connection.
> Without apply the SSL properties to the JDBC connection, {{CaptureChangeMySQL}} depends on the default MySQL JDBC Connector configuration to negotiate TLS settings. MySQL JDBC Connector versions prior to 8.0.28 enable deprecated TLS versions 1.0 and 1.1, but Java 8 Update 292 and following disable TLS 1.0 and 1.1 in the default java.security configuration. As a result of this behavior, {{CaptureChangeMySQL}} can fail to establish a JDBC connection when running on a newer version of Java and an older version of the MySQL JDBC Connector. It is possible to work around the problem by upgrading to MySQL JDBC Connector 8.0.28 and following, which selects TLS 1.2 as the default protocol version. Although this resolves TLS protocol negotiation issues, it does not support customization of the TLS keystore and truststore properties, which may be necessary for some MySQL installations.
> Configuring the JDBC connection properties based on the {{SSL Mode}} and {{SSL Context Service}} properties should provide a more intuitive and flexible configuration approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)