启动到MySQL服务器的连接的默认值在最近发生了变化，并且(通过快速浏览关于堆栈溢出的最流行的问题和答案)新值引起了很多混乱。更糟糕的是，标准的建议似乎是完全禁用SSL，这是一场正在形成的灾难。

现在，如果您的连接确实没有暴露到网络(仅针对本地主机)，或者您正在一个没有实际数据的非生产环境中工作，那么当然:通过包含useSSL=false选项来禁用SSL没有害处。

对于其他人，需要以下一组选项来让SSL与证书和主机验证一起工作:

useSSL = true sslMode = VERIFY_IDENTITY trustCertificateKeyStoreUrl =文件:path_to_keystore trustCertificateKeyStorePassword =密码

作为一个额外的好处，看到你已经在玩选项，禁用弱SSL协议也很简单:

enabledTLSProtocols = TLSv1。2

例子

因此，作为一个工作示例，你需要遵循以下主要步骤:

首先，确保为MySQL服务器主机生成了有效的证书，并将CA证书安装到客户端主机上(如果使用自签名，则可能需要手动完成此操作，但对于流行的公共CA，它已经存在了)。

接下来，确保java密钥存储库包含所有CA证书。在Debian/Ubuntu上，通过运行:

update-ca-certificates -f
chmod 644 /etc/ssl/certs/java/cacerts

最后，更新连接字符串以包含所有必需的选项，这在Debian/Ubuntu上有点像(根据需要进行调整):

jdbc:mysql://{mysql_server}/confluence?useSSL=true&sslMode=VERIFY_IDENTITY&trustCertificateKeyStoreUrl=file%3A%2Fetc%2Fssl%2Fcerts%2Fjava%2Fcacerts&trustCertificateKeyStorePassword=changeit&enabledTLSProtocols=TLSv1.2&useUnicode=true&characterEncoding=utf8

参考:https://beansandanicechianti.blogspot.com/2019/11/mysql-ssl-configuration.html

像这样提到url:

jdbc:mysql://hostname:3306/hibernatedb?autoReconnect=true&useSSL=false

但是在xml配置中，当你提到& sign时，IDE会显示以下错误:

对实体“useSSL”的引用必须以“;”分隔符结束。

然后你必须显式地使用&在XML中，你必须在XML配置中给出这样的url，而不是将&确定为&:

<property name="connection.url">jdbc:mysql://hostname:3306/hibernatedb?autoReconnect=true&amp;useSSL=false</property>

你需要像这样使用你的mysql路径:

<property name="url" value="jdbc:mysql://localhost:3306/world?useSSL=true"/>

只需使用平台独立的zip或tar https://dev.mysql.com/downloads/connector/j/?os=26

根据https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html, sslModel属性替换了过时的旧属性useSSL、requireSSL和verifyServerCertificate。因此，您可以使用连接字符串sslModel=DISABLED。

从8.0.13开始，useSSL参数现在已弃用，你应该使用sslMode:

MySQL:: MySQL Connector/J 8.0 Developer Guide:: 6.3.5 Security

sslMode By default, network connections are SSL encrypted; this property permits secure connections to be turned off, or a different levels of security to be chosen. The following values are allowed: "DISABLED" - Establish unencrypted connections; "PREFERRED" - (default) Establish encrypted connections if the server enabled them, otherwise fall back to unencrypted connections; "REQUIRED" - Establish secure connections if the server enabled them, fail otherwise; "VERIFY_CA" - Like "REQUIRED" but additionally verify the server TLS certificate against the configured Certificate Authority (CA) certificates; "VERIFY_IDENTITY" - Like "VERIFY_CA", but additionally verify that the server certificate matches the host to which the connection is attempted. This property replaced the deprecated legacy properties "useSSL", "requireSSL", and "verifyServerCertificate", which are still accepted but translated into a value for "sslMode" if "sslMode" is not explicitly set: "useSSL=false" is translated to "sslMode=DISABLED"; Unknown macro: {"useSSL=true", "requireSSL=false", "verifyServerCertificate=false"} is translated to "sslMode=PREFERRED"; Unknown macro: {"useSSL=true", "requireSSL=true", "verifyServerCertificate=false"} is translated to "sslMode=REQUIRED"; Unknown macro: {"useSSL=true" AND "verifyServerCertificate=true"} is translated to "sslMode=VERIFY_CA". There is no equivalent legacy settings for "sslMode=VERIFY_IDENTITY". Note that, for ALL server versions, the default setting of "sslMode" is "PREFERRED", and it is equivalent to the legacy settings of "useSSL=true", "requireSSL=false", and "verifyServerCertificate=false", which are different from their default settings for Connector/J 8.0.12 and earlier in some situations. Applications that continue to use the legacy properties and rely on their old default settings should be reviewed. The legacy properties are ignored if "sslMode" is set explicitly. If none of "sslMode" or "useSSL" is set explicitly, the default setting of "sslMode=PREFERRED" applies. Default Value PREFERRED Since Version 8.0.13