0

I need to connect to RDS through SSH for now (Local -> EC2 -> RDS).

So I tried to connect to MySQL via the SSH Tunnel option in DataGrip; however, it cannot connect to the server.

    [08S01] Communications link failure  The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server. No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

I tried MySQL Workbench with Standard TCP/IP over SSH option. It works well.

Is there a difference between TCP/IP over SSH and SSH Tunnel?

Or did I do something wrong?

This is my Workbench screenshot. It works.

This is my DataGrip screenshot. I wrote the host as the RDS endpoint, but it failed.

Minkyu Kim

1 Answer

2

Please read issue DBE-13313 and try the suggested workarounds; the issue is with the disabled TLSv1 protocol:

Workaround #1

We've updated Java recently and we've moved TLSv1 to the jdk.tls.disabledAlgorithms due to security reasons. So to get it back you need to do the following:

  1. Create a file custom.java.security with the following contents:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
        DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
        include jdk.disabled.namedCurves
    

I removed TLSv1 from the list.

  2. Go to your data source Advanced tab and add to VM Options: -Djava.security.properties=${PATH_TO_FILE?}/custom.java.security. Don't forget to replace ${PATH_TO_FILE?}.

  3. Restart IDE.

  4. You can connect.

Workaround #2

If you are running MySQL 8.0, 5.7.28, 5.6.46 and later and your server is configured with TLSv1.2, you can enable it in the driver: open up data source properties, switch to the Advanced tab and set the value for enabledTLSProtocols to TLSv1,TLSv1.1,TLSv1.2,TLSv1.3

Due to a MySQL bug you can receive the error bad handshake; that means you can't use TLSv1.2. In this case, please disable this option and use workaround #1.

Workaround #3

    enabledTLSProtocols = TLSv1.1 ( optional )
    VM Options = "-Djdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves"

Paul White
Yuri Win
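
An added example, not part of the answer above and not JetBrains or JDK code: a small Python audit that reads a java.security override such as the custom.java.security from Workaround #1 and reports which `jdk.tls.disabledAlgorithms` entries it drops relative to a baseline. The baseline is assumed to be the list quoted in Workaround #3; the function names and the simplified properties parser are illustrative.

```python
"""Audit a java.security override for TLS settings it relaxes (added example)."""

PROP = "jdk.tls.disabledAlgorithms"
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")

# Assumed baseline: the disabled list quoted in Workaround #3 on this page.
BASELINE = (PROP + "=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, "
            "EC keySize < 224, 3DES_EDE_CBC, anon, NULL, "
            "include jdk.disabled.namedCurves")

# The custom.java.security contents from Workaround #1.
OVERRIDE = """\
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""

def parse_properties(text):
    """Simplified .properties parser: '=' separator, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continued value
        if line.endswith("\\"):
            pending += line[:-1]  # join with the next physical line
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def disabled_entries(text):
    """Entries of jdk.tls.disabledAlgorithms, in file order."""
    value = parse_properties(text).get(PROP, "")
    return [e.strip() for e in value.split(",") if e.strip()]

def re_enabled(baseline_text, override_text):
    """Baseline entries that the override no longer disables."""
    kept = set(disabled_entries(override_text))
    return [e for e in disabled_entries(baseline_text) if e not in kept]

def legacy_protocols_allowed(override_text):
    """Legacy protocol versions not listed as disabled by the override."""
    disabled = set(disabled_entries(override_text))
    return [p for p in LEGACY_PROTOCOLS if p not in disabled]

if __name__ == "__main__":
    print(re_enabled(BASELINE, OVERRIDE), legacy_protocols_allowed(OVERRIDE))
```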