SSLHandShakeException No Appropriate Protocol

We Are Going To Discuss About SSLHandShakeException No Appropriate Protocol. So lets Start this Java Article.

SSLHandShakeException No Appropriate Protocol

  1. SSLHandShakeException No Appropriate Protocol

    In $JRE/lib/security/java.security:
    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL

  2. SSLHandShakeException No Appropriate Protocol

    In $JRE/lib/security/java.security:
    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Solution 1

In $JRE/lib/security/java.security:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

This line is enabled, after I commented out this line, everything is working fine. Apparently after/in jre1.8.0_181 this line is enabled.

My Java version is “1.8.0_201.

Original Author wwjih123 Of This Content

Solution 2

I also run into this with the Java8 update 1.8.0.229 on Ubuntu 18.04.

I changed the following part:

# Example:
#   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

I removed TLSv1 and TLSv1.1 from the list of jdk.tls.disabledAlgorithms inside the file

/etc/java-8-openjdk/security/java.security

After checking this:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 5.7.33-0ubuntu0.18.04.1 (Ubuntu)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';
+---------------+-----------------------+
| Variable_name | Value                 |
+---------------+-----------------------+
| tls_version   | TLSv1,TLSv1.1,TLSv1.2 |
+---------------+-----------------------+
1 row in set (0.00 sec)

mysql> exit

Original Author Rodney Of This Content

Solution 3

protocol is disabled or cipher suites are inappropriate

The key to the problem lies in that statement. What it basically means is either:

  1. The TLS implementation used by the client does not support the cipher suites used by the server’s certificate.
  2. The TLS configuration on the server has disabled cipher suites supported by the client.
  3. The TLS configurations on the client disable cipher suites offered by the server.
  4. TLS version incompatibility between the client and server.

This leads to handshake failure in TLS, and the connection fails. Check one or all of the three scenarios above.

Original Author automaton Of This Content

Solution 4

You can add the expected TLS protocol to your connection string like this:

jdbc:mysql://localhost:3306/database_name?enabledTLSProtocols=TLSv1.2

That fixed the problem for me.


Edit 04-02-2022:

As Yair’s comment says:

Since Connector/J 8.0.28 enabledTLSProtocols has been renamed to tlsVersions.

Original Author Gerard de Visser Of This Content

Conclusion

So This is all About This Tutorial. Hope This Tutorial Helped You. Thank You.

Also Read,

Siddharth

I am an Information Technology Engineer. I have Completed my MCA And I have 4 Year Plus Experience, I am a web developer with knowledge of multiple back-end platforms Like PHP, Node.js, Python and frontend JavaScript frameworks Like Angular, React, and Vue.

Leave a Comment