【mysql】ssl

起因：项目上的DolphinScheduler连接不上数据库，查看worker日志提到SSL协议问题：

com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
Caused by: java.io.EOFException: SSL peer shut down incorrectly

我的排除思路：

1、使用命令连接：

        1）mysql -uxxxx -p   

                error:ssl_choose_client_version:unsupported protocol

        2）使用客户环境登入mysql查看TLS版本，发现5.7版本为TLSv1,TLSv1.1：SHOW VARIABLES LIKE 'tls_version';

       3）查看mysql版本发现本地workbench是8.0.30，而客户的MySQL版本为5.7。

2、网上查阅相关问题：

        1）查阅官网发现问题原因，原来是8.0.15后去除了TLSv1：MySQL :: MySQL 8.0 Reference Manual :: 8.3.2 Encrypted Connection TLS Protocols and Ciphers

Supported TLS Protocols

The set of protocols permitted for connections to a given MySQL server instance is subject to multiple factors as follows:

MySQL Server release

• Up to and including MySQL 8.0.15, MySQL supports the TLSv1, TLSv1.1, and TLSv1.2 protocols.

• As of MySQL 8.0.16, MySQL also supports the TLSv1.3 protocol. To use TLSv1.3, both the MySQL server and the client application must be compiled using OpenSSL 1.1.1 or higher. The Group Replication component supports TLSv1.3 from MySQL 8.0.18 (for details, see Section 20.6.2, “Securing Group Communication Connections with Secure Socket Layer (SSL)”).

• As of MySQL 8.0.26, the TLSv1 and TLSv1.1 protocols are deprecated. These protocol versions are old, released in 1996 and 2006, respectively, and the algorithms used are weak and outdated. For background, refer to the IETF memo Deprecating TLSv1.0 and TLSv1.1.

• As of MySQL 8.0.28, MySQL no longer supports the TLSv1 and TLSv1.1 protocols. From this release, clients cannot make a TLS/SSL connection with the protocol set to TLSv1 or TLSv1.1. For more details, see Removal of Support for the TLSv1 and TLSv1.1 Protocols.

  

  解决：回退DolphinScheduler worker节点mysql版本>8.0.26