My remote MySQL server only accepts connections over TLS 1.2. How do I select the protocol version in JDBC (OpenJDK 11)?

```
SQL State: 28000
java.sql.SQLException: TLS version used does not meet minimal requirements
for this server. Please use a higher TLS version and retry.
```

```xml
<dependency>
  <groupId>mysql</groupId>
  <artifactId>mysql-connector-java</artifactId>
  <version>8.0.21</version>
</dependency>
```

I've tried adding enabledSslProtocolSuites to my connection string but to no avail.

```
jdbc:mysql://{server}.mysql.database.azure.com:3306/{database_name}?
  serverTimezone=Australia/Melbourne&useSSL=true&requireSSL=true&enabledSslProtocolSuites=TLSv1.2
```

Adding `-Djdk.tls.client.protocols="TLSv1.2" -Djavax.net.debug=all` when launching `mvn exec:java` reveals attempts to Client Hello with TLS 1.1.

```
javax.net.ssl|DEBUG|0C|azuremysqltest.App.main()|
2020-08-31 09:16:34.400 UTC|ClientHello.java:653|
Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.1",
  "random"              : "0D 94 D2 90 A7 C0 ...",
  "session id"          : "",
  "cipher suites"       : ...
```
evilSnobu
  • 1
    Please try `enabledTLSProtocols=TLSv1.2` instead of `enabledSslProtocolSuites...` (https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-configuration-properties.html, https://stackoverflow.com/q/55129768/592355 ...) – xerx593 Aug 31 '20 at 09:25
  • 1
    Excellent, that works, thanks! Please add that as an answer. – evilSnobu Aug 31 '20 at 09:41

1 Answer

You can (obviously) select the TLS version for the MySQL driver (independently of the Java vendor) via the `enabledTLSProtocols` property (8.0 reference):

  • enabledTLSProtocols

If "useSSL" is set to "true", overrides the TLS protocols enabled for use on the underlying SSL sockets. This may be used to restrict connections to specific TLS versions. Since version: 8.0.8

In your case the value `=TLSv1.2` proved to work. Sorry, I can't find the reference on the (exact) value(s) of this property, but we can further investigate/get supported SSL protocol versions like here.

xerx593
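The fix from the answer, with a check that the session really negotiated TLS 1.2, as an added example that is not part of the original question or answer. The class name and the `MYSQL_URL`, `MYSQL_USER` and `MYSQL_PASSWORD` environment variables are assumptions; the check reads MySQL's `Ssl_version` session status variable.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.SSLContext;

public class TlsVersionCheck {
    // Hypothetical helper: fail early if a required setting is missing.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return v;
    }

    public static void main(String[] args) throws Exception {
        // Protocols the JVM itself can offer, independent of the driver.
        String[] supported =
            SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        System.out.println("JVM supports: " + Arrays.toString(supported));

        // Assumed placeholder, e.g. jdbc:mysql://{server}:3306/{database_name}
        String url = env("MYSQL_URL");
        Properties props = new Properties();
        props.setProperty("user", env("MYSQL_USER"));
        props.setProperty("password", env("MYSQL_PASSWORD"));
        props.setProperty("useSSL", "true");
        props.setProperty("requireSSL", "true");
        // Restrict the driver's SSL socket to TLS 1.2 only.
        props.setProperty("enabledTLSProtocols", "TLSv1.2");

        try (Connection c = DriverManager.getConnection(url, props);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery("SHOW SESSION STATUS LIKE 'Ssl_version'")) {
            // Result columns are Variable_name and Value; empty means no TLS.
            String negotiated = rs.next() ? rs.getString(2) : "";
            System.out.println("Negotiated: " + negotiated);
            if (!"TLSv1.2".equals(negotiated)) {
                throw new IllegalStateException("Unexpected TLS version: " + negotiated);
            }
        }
    }
}
```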