Updated on 2025-03-13 GMT+08:00

Error Is Reported or Connection Is Blocked in SSL Mode

Symptom

When JDBC establishes a connection in SSL mode, the client obtains a strong random number. During connection establishment, one of the following problems may occur, depending on the scenario.

Scenario 1: An error is reported.

Scenario 2: The connection is blocked. If loginTimeout is set in the connection string, the message "Connection attempt timed out" is displayed. If this parameter is not set, the connection is blocked.

Cause Analysis

The entropy source on the client is insufficient, so random number generation is too slow to meet product requirements. As a result, the service fails to start. This problem exists in some Linux environments.

Solution

  • Method 1: Start the haveged service on the client and increase the entropy value of the system entropy pool to improve the speed of reading random numbers.
    The startup command is as follows:
    systemctl start haveged
  • Method 2: Adjust the JDK configuration on the client.

    Open the $JAVA_PATH/jre/lib/security/java.security file and modify the following configuration items:

    securerandom.source=file:/dev/./urandom
    securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN

    In essence, Method 2 uses pseudo-random numbers instead of strong random numbers to reduce the entropy consumed. All applications that use the JDK on the client are affected.
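
To confirm that the Method 2 values are the ones actually in effect (not commented out, and not overridden by a later line in the same file), the following check can be run against java.security. It is an added example, not part of the original documentation; the function names get_prop and method2_status and the sample file contents are constructed for illustration, and only the key=value form is parsed.

```shell
#!/bin/sh
# Added example: check whether Method 2 is in effect in a java.security file.

# Print the effective value of property $2 in file $1. Comment lines are
# skipped and the last assignment wins, as java.util.Properties loads it.
# Simplification: only the key=value form is parsed.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print "applied" only when both properties hold the values from Method 2.
method2_status() {
    src=$(get_prop "$1" securerandom.source)
    strong=$(get_prop "$1" securerandom.strongAlgorithms)
    if [ "$src" = "file:/dev/./urandom" ] &&
       [ "$strong" = "NativePRNGNonBlocking:SUN" ]; then
        echo applied
    else
        echo "not-applied (source=$src strongAlgorithms=$strong)"
    fi
}

# Constructed sample: the edit was made, but a later line overrides it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#securerandom.source=file:/dev/random
securerandom.source=file:/dev/./urandom
securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN
securerandom.strongAlgorithms=NativePRNGBlocking:SUN
EOF
method2_status "$sample"
rm -f "$sample"
```

Against a real installation, call method2_status with the path to the java.security file that was edited.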