How to disable JDBC MySQL SSL

#1

Hi All,

After I upgraded my Metabase instance to v.32.1, I couldn’t connect to our MySQL database source.

I’ve checked the log and it looks like it keeps trying to connect using SSL but my MySQL doesn’t have SSL enabled in it.

Can you please advise how we can connect without SSL? What option do I need to put in the JDBC option field?

Please help.

Thank you.

H

#2

Hi @cehau37
Try 0.32.2 - it fixed some stuff with MySQL and SSL.
It shouldn’t try to connect with SSL by default, but try these options:

useSSL=false&requireSSL=false

Otherwise provide the logs. And which version did you upgrade from?

#3

Hi,

Thank you for your help. However, the options given “useSSL=false&requireSSL=false” didnt’ work.

Below are the logs that we have…

java.sql.SQLException: Trying to connect with ssl, but ssl not enabled in the server
Apr 05 14:19:28 xxx metabase[64253]: :dbname “java.sql.SQLException: Trying to connect with ssl, but ssl not enabled in the server”,
Apr 05 14:19:28 xxx metabase[64253]: :message “java.sql.SQLException: Trying to connect with ssl, but ssl not enabled in the server”}

Please help…

#4

@cehau37
Did you try upgrading to 0.32.2? Which version of MySQL?
I’ve just tried to add skip_ssl to my MariaDB 10.3 configuration and restarted, and Metabase connects without problems.

#5

Yes. I did try upgrading my 31.2 to 32.2.

Im using mariadb 10.2

#6

Okay, I cannot reproduce your issue. Try looking at the logs to see if you see something. Otherwise I can only recommend that you downgrade to 0.31.2
Out of curiosity, why is MariaDB configured with skip_ssl ?

#7

we didnt configure skip_ssl… we want to disable have_openssl… is it possible?

#8

But then just disable that on the MariaDB server. have_openssl is a global variable, so it cannot be set by the client/session.

#9

I had an issue after upgrading, where none of my questions could load - traced it back to the details column of metabase_database containing a parameter about SSL, which was not enabled previously for this DB.

Removing that restored access to my questions, but I really didn’t expect a normal upgrade to change settings like this.

I initially tried to disable SSL from the admin dashboard, but it was grayed out and “disabled”, although clicking the save button (and triggering a DB conn check), returned the error that the DB did not support SSL.

#10

Hi @bakavic
Which version did you upgrade from and to which version?
Can you post your details column - replace sensitive content with X ?

EDIT: Do you have the details column from before and after the upgrade, can you provide both?

#11

Can you please advise which area in admin that you tried to disable SSL from? I’ve been trying to find it in the Admin area without any success.

#12

I upgraded from 0.28.1 to 0.32.5.

My original details column (after upgrade) was:
{"host":"XXXX","port":3306,"dbname":"XXXX","user":"XXXX","password":"XXXX","tunnel-port":22,"ssl":"true"}

I removed "ssl":"true", and my queries could work again. The error I was seeing in the metabase logs was:

SQLException:
 Message: Connections could not be acquired from the underlying database!
 SQLState: null
 Error Code: 0

SQLException:
 Message: An SQLException was provoked by the following failure: com.mchange.v2.resourcepool.ResourcePoolException: A ResourcePool cannot acquire a new resource -- the factory or source appears to be down.
 SQLState: null
 Error Code: 0

Interestingly, the other MySQL database I had in the table was not affected with the problem, and questions using that database was fine.

#13

It’s not in the admin panel, I was directly editing the metabase database, metabase_database table, and the details column of the database row.

You can have a look and see if the "ssl": "true" parameter is enabled there, and perhaps trying removing it (temporarily), and see if that solves your problem.

#14

{“host”:“xxxxx”,“port”:3306,“dbname”:“xxxxx”,“user”:“xxxxx”,“password”:“xxxxxxx”,“additional-options”:null,“tunnel-port”:22,“let-user-control-scheduling”:true}

In my details column, there’s no ssl:true but for some reasons if I use v32.1, it keeps trying to connect using SSL…

Very annoying…

#15

@bakavic
That is so strange. I have not been able to reproduce it, but I remember someone else reporting similar problem (I cannot find it right now).
Have you checked if the details column in the database before the upgrade? I’m wondering if "ssl":"true" gets added or if it was already there.

#16

@cehau37 You should try 0.32.5, there are known issues with 0.32.1

#17

Hmm, I didn’t check this before the upgrade, but there is no SSL for my DB, and the behaviour before the upgrade was non-SSL connections.