[ https://issues.apache.org/jira/browse/NIFI-10358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-10358:
------------------------------------
Status: Patch Available (was: In Progress)
> Apply SSL Properties to JDBC Connection in CaptureChangeMySQL
> -------------------------------------------------------------
>
> Key: NIFI-10358
> URL: https://issues.apache.org/jira/browse/NIFI-10358
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{CaptureChangeMySQL}} Processor supports TLS for Binary Log connections
> using the {{SSL Mode}} and {{SSL Context Service}} properties, but these
> settings do not apply to the JDBC enrichment connection.
> Without applying the SSL properties to the JDBC connection,
> {{CaptureChangeMySQL}} depends on the default MySQL JDBC Connector
> configuration to negotiate TLS settings. MySQL JDBC Connector versions prior
> to 8.0.28 enable deprecated TLS versions 1.0 and 1.1, but Java 8 Update 292
> and following disable TLS 1.0 and 1.1 in the default java.security
> configuration. As a result of this behavior, {{CaptureChangeMySQL}} can fail
> to establish a JDBC connection when running on a newer version of Java and an
> older version of the MySQL JDBC Connector. It is possible to work around the
> problem by upgrading to MySQL JDBC Connector 8.0.28 and following, which
> selects TLS 1.2 as the default protocol version. Although this resolves TLS
> protocol negotiation issues, it does not support customization of the TLS
> keystore and truststore properties, which may be necessary for some MySQL
> installations.
> Configuring the JDBC connection properties based on the {{SSL Mode}} and
> {{SSL Context Service}} properties should provide a more intuitive and
> flexible configuration approach.
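One way the mapping proposed in the issue could look, as an added example that is not the NiFi patch or project code: it translates an SSL mode and optional keystore/truststore settings into MySQL Connector/J connection properties and sets the TLS protocol explicitly rather than relying on the driver default. The class, the `Store` holder and the sample paths are hypothetical, and the SSL mode values are assumed to match Connector/J's `sslMode` values (Connector/J 8.0.13 or later).

```java
import java.nio.file.Paths;
import java.util.Properties;

public class MySqlJdbcTlsProperties {

    /** Hypothetical holder for one store, as an SSL context service would supply it. */
    static final class Store {
        final String path, type, password;
        Store(String path, String type, String password) {
            this.path = path; this.type = type; this.password = password;
        }
    }

    /** Translates an SSL mode and optional stores into Connector/J properties. */
    static Properties build(String sslMode, Store trustStore, Store keyStore) {
        Properties props = new Properties();
        props.setProperty("sslMode", sslMode);
        if ("DISABLED".equals(sslMode)) {
            return props; // plaintext: protocol and store settings do not apply
        }
        // Set the protocol explicitly instead of relying on the driver default.
        // Connector/J 8.0.28+ calls this tlsVersions and keeps the old name as an alias.
        props.setProperty("enabledTLSProtocols", "TLSv1.2");
        if (trustStore != null) {
            addStore(props, "trustCertificateKeyStore", trustStore);
        }
        if (keyStore != null) {
            addStore(props, "clientCertificateKeyStore", keyStore);
        }
        return props;
    }

    private static void addStore(Properties props, String prefix, Store store) {
        props.setProperty(prefix + "Url", Paths.get(store.path).toUri().toString());
        props.setProperty(prefix + "Type", store.type);
        props.setProperty(prefix + "Password", store.password);
    }

    public static void main(String[] args) {
        // Constructed sample values; a real flow would read them from the SSL context service.
        Store trust = new Store("/opt/nifi/conf/truststore.p12", "PKCS12", "changeit");
        Properties props = build("VERIFY_IDENTITY", trust, null);
        // Print names only so store passwords stay out of logs.
        props.stringPropertyNames().stream().sorted().forEach(System.out::println);
        // The properties would then be passed to DriverManager.getConnection(url, props).
    }
}
```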