mysql allows to connect the jdbc via SSL.
Unfortunately it uses the java default SSLSocketFactory
that allows for weak (40bit) and null-ciphers.
Currently, I don't see how to do better with c3p0 in a
What could be the solution approaches?
Besides specifying the allowed ssl parameters with
attributes for the jndi datasource, one option is to
write a SSLSocketFactory for this and have the
datasource/pool just use that class.
This should happen in a thread-safe way and not via
System.setProperty(...) because my application may have
other SSL connections (e.g. axis) that might have to
satisfy other cipher requirements.
P.S.: Using jdbc with SSL is nice because with a pool
if I have any other tunnel, I will have to make sure
that tunnel gets re-established if it ever goes down.
With a DataSource Pool, this appears to be a lot
simpler to me.