I've been using MySQL ("Cloud SQL") on Google's platform for years. First Generation. SSL connections only. I have had all my certs in place for months and running just fine. My certificates are not expired. Over the last day and a half I have been unable to connect to the database!!! Tried restarting the database. Did google change something in their environment as a result of the denial of service attacks that started Friday?
Exception in thread "main" java.sql.SQLNonTransientConnectionException: SSL Connection required, but not supported by server.
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:550)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:537)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:527)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:512)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:480)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:498)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:494)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:72)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:1634)
at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:637)
at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:351)
at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:224)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at ... my code
What's going on?
So after some investigation I see that my server side certificates went missing . I found this out by using the Developer Console to restart my CloudSQL instance. Then I investigated the logs.
2016-10-22 12:42:47 0 [Note] (mysqld 5.6.31-log) starting as process 554455 ...
2016-10-22 12:42:47 554455 [Note] Semi-sync replication initialized for transactions.
2016-10-22 12:42:47 554455 [Note] Semi-sync replication enabled on the master.
2016-10-22 12:42:47 554455 [Note] InnoDB: Using atomics to ref count buffer pool pages
2016-10-22 12:42:47 554455 [Note] InnoDB: The InnoDB memory heap is disabled
2016-10-22 12:42:47 554455 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2016-10-22 12:42:47 554455 [Note] InnoDB: Memory barrier is not used
2016-10-22 12:42:47 554455 [Note] InnoDB: Compressed tables use zlib 1.2.8
2016-10-22 12:42:47 554455 [Note] InnoDB: Using CPU crc32 instructions
2016-10-22 12:42:47 554455 [Note] InnoDB: Initializing buffer pool, size = 96.0M
2016-10-22 12:42:47 554455 [Note] InnoDB: Completed initialization of buffer pool
2016-10-22 12:42:47 554455 [Note] InnoDB: Highest supported file format is Barracuda.
2016-10-22 12:42:51 554455 [Note] InnoDB: 128 rollback segment(s) are active.
2016-10-22 12:42:51 554455 [Note] InnoDB: 5.6.31 started; log sequence number 10094548402
2016-10-22 12:42:52 554455 [Note] RSA private key file not found: /sfs/project/database/data//private_key.pem. Some authentication plugins will not work.
2016-10-22 12:42:52 554455 [Note] RSA public key file not found: /sfs/project/database/data//public_key.pem. Some authentication plugins will not work.
2016-10-22 12:42:52 554455 [Note] Add the 'cloudsqladmin' user with the password hash '*ACE49C8814A8031C812FD739A573BDD4FFF8F7EE'
2016-10-22 12:42:53 554455 [Note] Event Scheduler: Loaded 0 events
2016-10-22 12:42:53 554455 [Note] : ready for connections.
Version: '5.6.31-log' socket: '' port: 0 (43, 47) (Google)
I'm still hoping to understand how this happened, will update when I can. Considering this happened on Google's side I'm not sure I can fix it directly. I see that there is an option to "Reset SSL Configuration" in the Dev Console. I hope I don't have to do that because it would mean rolling out new certs to production code and all devlopers. My issue also tracked here: https://code.google.com/p/googlecloudsql/issues/detail?id=188