When this was called,
java.sql.DriverManager.getConnection( connection, props)
We got the following exceptions
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.
Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:765)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:89)
… 134 more
How? It’s probably due to your SSL connection to the database is using an algorithm that is not as secured as JRE allows.
Solution
Open the file:
/usr/lib/jvm/java-8-oracle/jre/lib/security/java.security
Then look for this line:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
and replace it with
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \
DES40_CBC, RC4_40, 3DES_EDE_CBC
DH keySize and EC keySize restrictions were removed.