Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-11988

Regression: Container cannot connect to MySQL using TLS since switch to ubi8-minimal

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Explained
    • Affects Version/s: 7.0.1, 8.0.0, 8.0.1
    • Fix Version/s: None
    • Component/s: Container
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      The container quay.io/keycloak/keycloak:7.0.1 cannot connect to MySQL using TLS anymore, while quay.io/keycloak/keycloak:7.0.0 could.

      I guess this regression is related to the switch to the ubi8-minimal base image.

      Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  | Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:169)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:216)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         at com.mysql.jdbc@5.1.46//com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:186)
Nov 09 11:51:31 <server name> docker-compose[10706]: keycloak_1  |         ... 71 more

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-12017 Regression due to ubi-8/OpenJDK 11 upgrade: User Federation -> LDAP Connection doesn't support TLS < 1.2

          • Major - A request that should be considered seriously but is not a show stopper.
          • Closed

            Activity

              People

              Assignee:
              pcraveiro Pedro Igor Craveiro
              Reporter:
              marianrh-apa Marian Rainer-Harbach
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: