#9 Allow to specify SSL socketFactory

Ralf Hauser

mysql allows to connect the jdbc via SSL.

Unfortunately it uses the java default SSLSocketFactory
that allows for weak (40bit) and null-ciphers.

Currently, I don't see how to do better with c3p0 in a
thread-safe way?

What could be the solution approaches?
Besides specifying the allowed ssl parameters with
attributes for the jndi datasource, one option is to
write a SSLSocketFactory for this and have the
datasource/pool just use that class.
This should happen in a thread-safe way and not via
System.setProperty(...) because my application may have
other SSL connections (e.g. axis) that might have to
satisfy other cipher requirements.

see also http://bugs.mysql.com/bug.php?id=17320

P.S.: Using jdbc with SSL is nice because with a pool
if I have any other tunnel, I will have to make sure
that tunnel gets re-established if it ever goes down.
With a DataSource Pool, this appears to be a lot
simpler to me.


  • Steve Waldman
    Steve Waldman

    Logged In: YES
    Originator: NO

    first, sorry, this is very old, i seem to have just missed it.

    second, i'm not sure what you want me to do... how a jdbc driver communicates with the database is a jdbc-driver level issue, it sounds like this is some mysql-specific support you want? or would there be some way (other than by mucking around with JVM defaults in the System class, which as you note is not really an appropriate thing for a library to do) of controlling how networked dbs end up communicating with their hosts that would not be driver/dbms-specific? I'm having a hard time imagining how that would work...

    sorry again for the looooong nonresponse!