RDS SSL error

0

Hi,

I am trying to connect to RDS through Lambda NodeJS 12.x with SSL. However I am receiving these errors:

  Error: 4506652096:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:
  library: 'SSL routines',
  function: 'ssl_choose_client_version',
  reason: 'unsupported protocol',
  code: 'HANDSHAKE_SSL_ERROR'

I am connecting like this:

const fs    = require('fs');
const mysql = require('mysql');

// Connection pool that uses TLS and trusts the RDS root CA certificate
const pool  = mysql.createPool({
  connectionLimit     : 10,
  host                : 'db.cqgcxllqwqnk.eu-central-1.rds.amazonaws.com',
  ssl                 : {
    ca                : fs.readFileSync(__dirname + '/rds-ca-2019-root.pem')
  },
  user                : 'xxxxx',
  password            : 'xxxxxx',
  database            : 'xxxxxx',
  multipleStatements  : true
});

When I connect with the certificate through MySql Workbench everything works just fine.

Any idea on how to solve this?

Thanks a lot!

KasperS
asked 4 years ago, 471 views
4 Answers
0

Hi,

Ensure that your Lambda function has the necessary role attached to it, to allow it to connect to the RDS instance located in your VPC [1].

Also make sure that the client's certificate matches the database instance's certificate; in your case the rds-ca-2019 is being used with the Lambda, and the RDS instance should also make use of this certificate. If your instance was launched after 14 January 2020 it would already have the latest certificate [2].

Hope this is of some help
/MrK

References:
[1] https://docs.aws.amazon.com/lambda/latest/dg/services-rds-tutorial.html
[2] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

MrK
answered 4 years ago
0

Hi MrK,

Thank you for your reply. Unfortunately those are not the issues as I can connect just fine without SSL and the database is updated to use the new certificate. As mentioned I connect with that certificate just fine through MySQL WorkBench.

KasperS
answered 4 years ago
0

I am experiencing the same issue, did you get it resolved?

answered 4 years ago
0

The MySQL version was too old, needed to upgrade (I upgraded to 8)

KasperS
answered 3 years ago
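
The resolution in this thread, as an added example that is not part of the original posts: `ssl_choose_client_version: unsupported protocol` is what a client reports when the server offers no TLS version inside the client's allowed range, and Node.js 12 defaults to a minimum of TLS 1.2. The function names are hypothetical and the server version lists are constructed samples in the comma-separated format of MySQL's `tls_version` variable; that the old server offered only older TLS versions is an assumption, since the thread does not state it.

```javascript
// Added example, not code from the thread. Server lists are constructed.
const tls = require('tls');

// TLS protocol versions in ascending order, using Node's names.
const ORDER = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];

// Parse a comma-separated server list, e.g. "TLSv1,TLSv1.1".
// Unknown tokens are dropped rather than guessed at.
function parseServerTlsVersions(value) {
  return value.split(',').map((v) => v.trim()).filter((v) => ORDER.includes(v));
}

// Versions both sides could negotiate, highest first.
// Client defaults come from the running Node.js process.
function negotiableVersions(serverValue,
                            clientMin = tls.DEFAULT_MIN_VERSION,
                            clientMax = tls.DEFAULT_MAX_VERSION) {
  const lo = ORDER.indexOf(clientMin);
  const hi = ORDER.indexOf(clientMax);
  if (lo < 0 || hi < 0 || lo > hi) {
    throw new RangeError('invalid client TLS range');
  }
  return parseServerTlsVersions(serverValue)
    .filter((v) => ORDER.indexOf(v) >= lo && ORDER.indexOf(v) <= hi)
    .sort((a, b) => ORDER.indexOf(b) - ORDER.indexOf(a));
}

// Summarise whether a handshake can succeed, and why not if it cannot.
function diagnose(serverValue, clientMin = tls.DEFAULT_MIN_VERSION,
                  clientMax = tls.DEFAULT_MAX_VERSION) {
  const common = negotiableVersions(serverValue, clientMin, clientMax);
  if (common.length > 0) {
    return { ok: true, negotiated: common[0] };
  }
  return {
    ok: false,
    reason: `server offers [${parseServerTlsVersions(serverValue).join(', ')}] ` +
            `but client requires ${clientMin}..${clientMax}`,
  };
}

// Constructed samples: an old server versus an upgraded one.
console.log(diagnose('TLSv1,TLSv1.1'));
console.log(diagnose('TLSv1.2,TLSv1.3'));
```

On servers that expose it, the list to pass in is the value returned by `SHOW VARIABLES LIKE 'tls_version'`.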
