SSL connection through MySQL Connector/J fails with javax.net.ssl.SSLException: Unsupported record version Unknown-0.0

Bug #930145 reported by Elena Stepanova
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MariaDB
Fix Released
Undecided
Vladislav Vaintroub

Bug Description

An attempt to establish an SSL connection to MariaDB server 5.1.60, 5.2.10, 5.3.2, 5.3.3 through MySQL Connector/J (5.1.18) fails with the exception below.
The same connection to MariaDB 5.2.9 and 5.3.1 works fine, as well as MySQL 5.1.60.
In maria-5.2 tree the problem appeared between revno 3050 and 3052 -- 3050 works, 3052 does not.

Originally the problem was reported in AskMonty Knowledgebase (http://kb.askmonty.org/en/ssl-with-other-clients-than-the-original-mariadb-client)

com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 1,400 milliseconds ago. The last packet sent successfully to the server was 1,355 milliseconds ago.
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
        at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1116)
        at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:105)
        at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4664)
        at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1354)
        at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2336)
        at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2369)
        at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2153)
        at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:792)
        at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
        at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:381)
        at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:305)
        at java.sql.DriverManager.getConnection(DriverManager.java:620)
        at java.sql.DriverManager.getConnection(DriverManager.java:169)
        at test.main(test.java:25)
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0
        at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:394)
        at sun.security.ssl.InputRecord.read(InputRecord.java:376)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:850)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
        at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:90)
        ... 17 more

Below is the code of the java test to reproduce the failure. It is based on ConnectionRegressionTest.testBug25545 from Connector/J test suite. The same test (code, class, connector, test certificates) is attached to the bug. Extract the contents of the archive, start MariaSB server with the certificates from ssl_test/ssl-test-certs on port 3306, cd ssl_test, run '. ./run'.

# Java test:

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;

public class test
{
   public static void main (String argv[])
   {
      String dbUrl = "jdbc:mysql:///test";
      String trustStorePath = "ssl-test-certs/test-cert-store";

      System.setProperty("javax.net.ssl.keyStore", trustStorePath);
      System.setProperty("javax.net.ssl.keyStorePassword", "password");
      System.setProperty("javax.net.ssl.trustStore", trustStorePath);
      System.setProperty("javax.net.ssl.trustStorePassword", "password");

      Connection sslConn = null;

      try {
            Properties props = new Properties();
            props.setProperty("useSSL", "true");
            props.setProperty("requireSSL", "true");
            sslConn = DriverManager.getConnection(dbUrl, props);

            ResultSet valueRs = sslConn.createStatement().executeQuery("SELECT CONNECTION_ID()");
            if (!valueRs.next()) {
                  System.out.println("No result set, something is wrong");
            }

            String conId = valueRs.getObject(1).toString();
            System.out.println("Established connection " + conId + "\n" );

      }
      catch (Exception e) {
            System.out.println("Could not connect... " + e + "\n");
            e.printStackTrace();
      }
   }
}

# End of java test

Revision history for this message
Elena Stepanova (elenst) wrote :
Revision history for this message
Elena Stepanova (elenst) wrote :

Also filed in JIRA as MDEV-140

Changed in maria:
assignee: Sergei (sergii) → Vladislav Vaintroub (wlad-montyprogram)
Changed in maria:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments