How to Fix “Public Key Retrieval is not allowed” MySQL JDBC Error

by

If you are developing a Java or Spring Boot application with a MySQL database, you might suddenly encounter this frustrating connection error:

Caused by: java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed

This issue usually triggers right after upgrading to MySQL 8.0+, moving to a new server, or setting up a fresh local development environment.

In this step-by-step guide, you will learn exactly why this error happens and the three easiest ways to fix it in under two minutes.

Why Does “Public Key Retrieval is not allowed” Happen?

Starting with MySQL 8.0, the default authentication plugin switched from mysql_native_password to caching_sha2_password. This newer mechanism requires an RSA public key to securely encrypt user passwords during the authentication process.

If your application connects to the database over an unencrypted channel (where SSL/TLS is turned off), the JDBC driver attempts to ask the MySQL server for its public key automatically. However, for security reasons, the server blocks this request by default.

Because the driver cannot retrieve the key to encrypt your password, the connection fails and throws the SQLNonTransientConnectionException.

Method 1: Update Your JDBC Connection URL (Fastest Fix)

The quickest and most common fix—especially for local development—is to explicitly tell your JDBC driver that it is safe to retrieve the public key and that you want to bypass SSL.

You can do this by appending allowPublicKeyRetrieval=true&useSSL=false to your database connection string.

For Plain Java Applications

Update your connection string in your database configuration class:

String url = "jdbc:mysql://localhost:3306/your_database?allowPublicKeyRetrieval=true&useSSL=false";

For Spring Boot (application.properties)

Add the parameters directly to your datasource URL line:

spring.datasource.url=jdbc:mysql://localhost:3306/your_database?allowPublicKeyRetrieval=true&useSSL=false

For Spring Boot (application.yml)

If you use YAML configuration, format your configuration like this:

spring:
  datasource:
    url: jdbc:mysql://localhost:3306/your_database?allowPublicKeyRetrieval=true&useSSL=false

Method 2: Fix the Error in Database GUI Clients (DBeaver, DataGrip)

If you are seeing this error while trying to connect through a database GUI tool like DBeaver or IntelliJ DataGrip, you do not need to change code. You just need to flip a couple of driver settings.

Steps for DBeaver:

  1. Right-click on your database connection in the sidebar and select Edit Connection.
  2. Click on the Driver properties tab.
  3. Scroll down or use the search bar to locate the property named allowPublicKeyRetrieval and change its value to true.
  4. Locate the property named useSSL and change its value to false.
  5. Click Test Connection to verify, then click OK to save.

Method 3: Change User Authentication (Best for Production)

While Method 1 and 2 work perfectly for local development, disabling SSL (useSSL=false) is not recommended for production environments because it sends data across the network unencrypted.

If you need a secure alternative without altering connection parameters, you can downgrade the specific MySQL user’s authentication method back to the legacy native password plugin.

Open your MySQL terminal or workbench as an admin user and run these commands:

-- Replace 'your_db_user' and 'your_password' with your actual database details
ALTER USER 'your_db_user'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_password';

-- Clear the privileges cache to apply changes immediately
FLUSH PRIVILEGES;

Once this SQL script runs, the database user will use the classic handshake, bypassing the need for RSA public key retrieval entirely.

Summary Checklist

EnvironmentRecommended FixParameter / Command to Use
Local DevModify Connection StringallowPublicKeyRetrieval=true&useSSL=false
GUI ClientsEdit Driver PropertiesFlip allowPublicKeyRetrieval to true
ProductionAlter MySQL UserIDENTIFIED WITH mysql_native_password

By applying one of these methods, your Java application will seamlessly connect to your MySQL 8 database without any authentication interruptions.

Related Posts:

Sharing Is Caring: