Starting in Looker 21.8, we are now updating the default TLS option for connections using the MariaDB JDBC driver. The change will now enable the following three protocols: TLSv1, TLSv1.1, TLSv1.2. Previously, only TLSv1 and TLSv1.1 were enabled by default.
This affects the following dialects:
MySQL
MariaDB
Google Cloud MySQL
Amazon Aurora MySQL
Clustrix
MemSQL
MongoDB Connector for BI.
To check if your database’s SSL library supports TLS 1.2, you can run the following against the database:SHOW GLOBAL VARIABLES LIKE 'tls_version';
In order to disable TLSv1.2 for database connections from Looker, a parameter must be added to the jdbc string. This is done differently depending on whether the connection is an analytics database or Looker’s backend database.
In the “Additional Params” section of the connection’s edit page, you can add the following:
enabledSslProtocolSuites=TLSv1,TLSv1.1
NOTE: This section only applies to Looker instances that are deployed on-prem, and use MySQL with SSL enabled for the backend database.
In the credentials file for the connection to your backend database, you can add the following to disable TLSv1.2:
jdbc_additional_params: enabledSslProtocolSuites=TLSv1,TLSv1.1
Also check out the rest of the 21.8 release notes!