TLSv1.2 enabled by default in 21.8

Starting in Looker 21.8, the default TLS option for connections that use the MariaDB JDBC driver is changing. The new default enables three protocols: TLSv1, TLSv1.1, and TLSv1.2. Previously, only TLSv1 and TLSv1.1 were enabled by default.

This affects the following dialects: 

  • MySQL

  • MariaDB

  • Google Cloud MySQL

  • Amazon Aurora MySQL

  • Clustrix

  • MemSQL

  • MongoDB Connector for BI

Identifying if your database does not support TLSv1.2

To check if your database’s SSL library supports TLS 1.2, you can run the following against the database:

SHOW GLOBAL VARIABLES LIKE 'tls_version';
 

Disabling TLSv1.2

To disable TLSv1.2 for database connections from Looker, add a parameter to the JDBC string. How you do this depends on whether the connection is to an analytics database or to Looker’s backend database.

Analytics database connection

In the “Additional Params” section of the connection’s edit page, you can add the following:

enabledSslProtocolSuites=TLSv1,TLSv1.1
 

Looker backend database connection

NOTE: This section applies only to Looker instances that are deployed on-prem and use MySQL with SSL enabled for the backend database.

In the credentials file for the connection to your backend database, you can add the following to disable TLSv1.2:

jdbc_additional_params: enabledSslProtocolSuites=TLSv1,TLSv1.1
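
As an added example (not part of Looker's documentation or code), the Python sketch below interprets the rows returned by the tls_version query above and decides whether the enabledSslProtocolSuites override from this page is needed. The function names, status labels and sample rows are assumptions constructed for illustration.

```python
# Added example: interpret SHOW GLOBAL VARIABLES LIKE 'tls_version' output.
# Protocol lists and the override string are taken from this release note;
# everything else (names, status labels, sample rows) is hypothetical.
LOOKER_21_8_DEFAULTS = ("TLSv1", "TLSv1.1", "TLSv1.2")
PAGE_OVERRIDE = "enabledSslProtocolSuites=TLSv1,TLSv1.1"


def parse_tls_version(rows):
    """rows: (Variable_name, Value) tuples as returned by the query.
    Returns the server's protocol list, or None if the variable is absent."""
    for name, value in rows:
        if name.lower() == "tls_version":
            return [p.strip() for p in value.split(",") if p.strip()]
    return None


def additional_params(rows):
    """Return (status, param); param is the additional JDBC param or ''."""
    server = parse_tls_version(rows)
    if server is None:
        # Empty result set: the server does not expose tls_version,
        # so this query alone cannot answer the question.
        return ("unknown", "")
    common = [p for p in LOOKER_21_8_DEFAULTS if p in server]
    if "TLSv1.2" in common:
        return ("default-ok", "")         # 21.8 default works unchanged
    if common:
        return ("override", PAGE_OVERRIDE)  # server lacks TLSv1.2
    # Server permits none of the protocols Looker enables; the override
    # from this page would not produce a working connection either.
    return ("no-overlap", "")


if __name__ == "__main__":
    # Constructed sample result sets, not captured from a real server.
    samples = {
        "modern": [("tls_version", "TLSv1,TLSv1.1,TLSv1.2")],
        "legacy": [("tls_version", "TLSv1,TLSv1.1")],
        "absent": [],
        "tls13-only": [("tls_version", "TLSv1.3")],
    }
    for label, rows in samples.items():
        print(label, additional_params(rows))
```

An "override" result leaves the connection on TLSv1 and TLSv1.1 only, both of which RFC 8996 deprecates, so treat the parameter as a stopgap until the database's SSL library is upgraded.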

Also check out the rest of the 21.8 release notes!
