My Oracle Support Banner

Older Connector/J Failed to Connect to 5.7.29 - KeyUsage does not allow digital signatures (Doc ID 2653539.1)

Last updated on APRIL 06, 2020

Applies to:

MySQL Server - Version 5.7 and later
Information in this document applies to any platform.

Symptoms

 Older version of Connector/J may connect to 5.7.27,  but fail to connect to 5.7.29 under some circumstances.  The stacktrace/error looks like this:

 

Changes

 After running the java application with -Djavax.net.debug=all  it is apparent that Connector/J 5.1 tries to use the following ciphers when connecting to MySQL 5.7.27 and 5.7.29 respectively:

5.7.27 is using: TLS_RSA_WITH_AES_256_CBC_SHA256 (works)
5.7.29 is using: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (fails)

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.