Layer7 API Management

I just upgraded one of my clustered gateways from v9.2 to v9.4.  

I had no issues with the patching but after the patching 9.3 platform / 9.4 platform / 9.4 Appliance I am seeing a ton of these error / warning messages in the Gateway node logs.


What new parameter or setting am I missing to make thse Warnings go away?  

Gateway is accepting traffic against it so no problems there but I honestly don't like see all these Warnings in the logs.  Any thoughts?

Appreciate the help.

------------------------------
Rick Reed
FedEx Services
------------------------------

Dear Rick,
I see the same problem on my gateway 9.4.
I believe it's due the new mysql 5.7 requires explicit option of useSSL in jdbc url.
The solution below seems to work for me,
1. modify node.properties file (under folder /opt/SecureSpan/Gateway/node/default/etc/conf/)
append one line,

l7.mysql.url.parameters.extra=&useSSL=false

(need to restart gateway)

2. check all your jdbc connections on policy manager (for example, the OTK jdbc connection), ensure useSSL parameter is added to the jdbc url.
for example,
jdbc:mysql://localhost:3306/otk_db?useSSL=false

Regards,
Mark

Original Message:
Sent: 08-17-2019 12:39 AM
From: Reed
Subject: Warn SQL Errors after v9.4 Upgrade

I just upgraded one of my clustered gateways from v9.2 to v9.4.  

I had no issues with the patching but after the patching 9.3 platform / 9.4 platform / 9.4 Appliance I am seeing a ton of these error / warning messages in the Gateway node logs.

2019-08-17T05:30:45.906+0100 WARNING 133 STDERR: 4561303 [com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#3] WARN MySQL - Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

What new parameter or setting am I missing to make thse Warnings go away?  

Gateway is accepting traffic against it so no problems there but I honestly don't like see all these Warnings in the logs.  Any thoughts?

Appreciate the help.

------------------------------
Rick Reed
FedEx Services
------------------------------

This did the Trick.  Thank you very much Mark!
Original Message:
Sent: 08-19-2019 09:24 PM
From: Zhijun He
Subject: Warn SQL Errors after v9.4 Upgrade

Dear Rick,
I see the same problem on my gateway 9.4.
I believe it's due the new mysql 5.7 requires explicit option of useSSL in jdbc url.
The solution below seems to work for me,
1. modify node.properties file (under folder /opt/SecureSpan/Gateway/node/default/etc/conf/)
append one line,

l7.mysql.url.parameters.extra=&useSSL=false

(need to restart gateway)

2. check all your jdbc connections on policy manager (for example, the OTK jdbc connection), ensure useSSL parameter is added to the jdbc url.
for example,
jdbc:mysql://localhost:3306/otk_db?useSSL=false

Regards,
Mark

Original Message:
Sent: 08-17-2019 12:39 AM
From: Reed
Subject: Warn SQL Errors after v9.4 Upgrade

I just upgraded one of my clustered gateways from v9.2 to v9.4.  

I had no issues with the patching but after the patching 9.3 platform / 9.4 platform / 9.4 Appliance I am seeing a ton of these error / warning messages in the Gateway node logs.

2019-08-17T05:30:45.906+0100 WARNING 133 STDERR: 4561303 [com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#3] WARN MySQL - Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

What new parameter or setting am I missing to make thse Warnings go away?  

Gateway is accepting traffic against it so no problems there but I honestly don't like see all these Warnings in the logs.  Any thoughts?

Appreciate the help.

------------------------------
Rick Reed
FedEx Services
------------------------------