0

I need to connect to RDS through SSH for now (Local -> EC2 -> RDS).

So I tried to connect to MySQL via the SSH Tunnel option in DataGrip; however, it cannot connect to the server.

[08S01] Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server. No appropriate protocol (protocol is disabled or cipher suites are inappropriate). 

I tried MySQL Workbench with Standard TCP/IP over SSH option. It works well.

Is there a difference between TCP/IP over SSH and SSH Tunnel?

Or did I do something wrong?

MySQL Workbench

This is my workbench screenshot. It works.

Datagrip2

Datagrip3

Datagrip1

This is my Datagrip screenshot. I wrote host as RDS endpoint but it failed.

1 Answer

2

Please read issue DBE-13313 and try the suggested workarounds; the issue is with the disabled TLSv1 protocol:

Workaround #1

We've updated Java recently and we've moved TLSv1 to the jdk.tls.disabledAlgorithms due to security reasons. So to get it back you need to do the following:

  1. Create a file custom.java.security with the following contents:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
        DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
        include jdk.disabled.namedCurves

I removed TLSv1 from the list.

  2. Go to your data source Advanced tab and add to VM Options: -Djava.security.properties=${PATH_TO_FILE?}/custom.java.security. Don't forget to replace ${PATH_TO_FILE?}.

  3. Restart IDE.

  4. You can connect.

Workaround #2

If you are running MySQL 8.0, 5.7.28, 5.6.46 and later and your server is configured with TLSv1.2, you can enable it in the driver: open up data source properties, switch to the Advanced tab and set the value for enabledTLSProtocols to TLSv1,TLSv1.1,TLSv1.2,TLSv1.3

Due to a MySQL bug you can receive the error "bad handshake"; that means you can't use TLSv1.2. In this case please disable this option and use workaround #1.

Workaround #3

    enabledTLSProtocols = TLSv1.1 (optional)
    VM Options = "-Djdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves"

2
  • Thank you! I'm using MySQL 5.7.25, so Workaround #2 is not working, and I applied Workaround #3, only adding "-Djdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves" into VM options. Commented Mar 10, 2022 at 5:26
  • Workaround #2 worked for me Commented Feb 22, 2023 at 5:38
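
An added example (not part of the original answer or of any JetBrains code): a small Python check that reads a java.security-style override such as custom.java.security and lists which legacy protocol versions its jdk.tls.disabledAlgorithms value no longer disables. The function names and the set of protocols treated as legacy (SSLv3, TLSv1, TLSv1.1) are assumptions of this example; the two inputs are the lists quoted in workarounds #1 and #3 above.

```python
# Protocol names this example treats as legacy (an assumption of the example).
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")
PROPERTY = "jdk.tls.disabledAlgorithms"


def read_property(text, name):
    """Return the value of `name` from java.security-style text, or None."""
    value, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is None and (not line or line[0] in "#!"):
            continue  # blank or comment line
        joined = (pending or "") + line
        if line.endswith("\\"):
            pending = joined[:-1]  # backslash continuation: keep accumulating
            continue
        pending = None
        key, sep, val = joined.partition("=")
        if sep and key.strip() == name:
            value = val.strip()  # a later definition overrides an earlier one
    return value


def legacy_left_enabled(text):
    """List legacy protocols the override does NOT disable (None if unset)."""
    value = read_property(text, PROPERTY)
    if value is None:
        return None  # property not overridden, so the JDK defaults apply
    disabled = {entry.strip() for entry in value.split(",")}
    return [p for p in LEGACY_PROTOCOLS if p not in disabled]


# Constructed inputs: the two lists quoted in the answer above.
WORKAROUND_1 = """\
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""
WORKAROUND_3 = (
    "jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, "
    "DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, "
    "include jdk.disabled.namedCurves\n")

if __name__ == "__main__":
    for label, text in (("workaround #1", WORKAROUND_1), ("workaround #3", WORKAROUND_3)):
        print(label, "leaves enabled:", legacy_left_enabled(text))
```

Entries are compared as whole list items because a substring search for TLSv1 would also match TLSv1.1 and TLSv1.2.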
