The TLSv1 and TLSv1.1 connection protocols were deprecated in Connector/C++ 8.0.26 and now are removed in this release. The removed values are considered invalid for use with connection options and session settings. Connections can be made using the more-secure TLSv1.2 and TLSv1.3 protocols. TLSv1.3 requires that both the server and Connector/C++ be compiled with OpenSSL 1.1.1 or higher. (WL #14816, WL #14818)
Applications that use the legacy JDBC API now can establish connections using multifactor authentication, such that up to three passwords can be specified at connect time. The new
OPT_PASSWORD3connection options are available for specifying the first, second, and third multifactor authentication passwords, respectively.
OPT_PASSWORD1is an alias for the existing
OPT_PASSWORDoption; if both are given,
OPT_PASSWORDis ignored. (WL #14658)
For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for Connector/C++ has been updated to version 1.1.1l. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html. (Bug #33309902)