MySQL - Java SSL connection throwing error

Question

I am trying to connect to MySQL DB from Java over SSL using the following program.

public class MySQLJDBC {

 public static void main(String[] args) throws ClassNotFoundException, SQLException {
  Class.forName("com.mysql.jdbc.Driver");
  String m_host = "localhost";
  String m_port = "3306";
  String m_db = "test";
  boolean isSSL = true;
  String dbUrl = "jdbc:mysql://" + m_host + ":" + m_port + "/" + m_db + "?noDatetimeStringSync=true&verifyServerCertificate=false&useSSL=" +String.valueOf(isSSL);
  String m_user = "root";
  String m_pass = "Pass";
  System.setProperty("javax.net.ssl.keyStore","D:/content/dev/connectors/Database (JDBC)/2011.1/src/mykeystore.jks");
  System.setProperty("javax.net.ssl.keyStorePassword","password");
  System.setProperty("javax.net.ssl.trustStore","D:/content/dev/connectors/Database (JDBC)/2011.1/src/mystore.jks");
  System.setProperty("javax.net.ssl.trustStorePassword","password");
  DriverManager.getConnection(dbUrl, m_user, m_pass);
  System.out.println(System.getProperty("javax.net.ssl.keyStore"));
 }
}

If I have the client keystores installed, this will throw the following exception.

Exception in thread "main" com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 328 ms ago.
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
 at java.lang.reflect.Constructor.newInstance(Unknown Source)
 at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
 at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
 at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2104)
 at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:729)
 at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
 at java.lang.reflect.Constructor.newInstance(Unknown Source)
 at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
 at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
 at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:283)
 at java.sql.DriverManager.getConnection(Unknown Source)
 at java.sql.DriverManager.getConnection(Unknown Source)
 at MySQLJDBC.main(MySQLJDBC.java:20)
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 328 ms ago.
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
 at java.lang.reflect.Constructor.newInstance(Unknown Source)
 at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
 at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
 at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:102)
 at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4357)
 at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1302)
 at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2032)
 ... 12 more
Caused by: java.net.SocketException: Software caused connection abort: socket write error
 at java.net.SocketOutputStream.socketWrite0(Native Method)
 at java.net.SocketOutputStream.socketWrite(Unknown Source)
 at java.net.SocketOutputStream.write(Unknown Source)
 at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(Unknown Source)
 at com.sun.net.ssl.internal.ssl.OutputRecord.write(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:87)
 ... 15 more

If I comment out the keystore lines, the connection happens.

//System.setProperty("javax.net.ssl.keyStore","D:/content/dev/connectors/Database (JDBC)/2011.1/src/mykeystore.jks");
//System.setProperty("javax.net.ssl.keyStorePassword","password");, 

then the conection happens fine. My Questions are,

1. Any idea why I am getting this error with this keystore specified?
2. I dont want a mutual authentication. Hence I want to say to the server not to validate the client certificate. Is there any property for this?

Any answers are appreciated.

Answer 1

1. If it works without the keystore and not with it, (a) there is something wrong with what's in it, and (b) you don't need it anyway.

2. If you don't want to send a client certificate, don't specify a keystore that contains one.