FusionAuth

Secure DB Connection with TLS 1.3

  • M
    michael.schramm
    last edited by michael.schramm 4 Nov 2021, 19:11 11 Apr 2021, 18:57

    I am trying to connect to a Postgres DB system with SSL. The TLS 1.3 config seems to have something in the certificate so that the handshake fails (all other clients I use with Node.js and Python work with it).

    jdbc:postgresql://hostname:26257/fusionauth?ssl=true

    So far it seems like OpenJDK had a bug with this: https://bugs.openjdk.java.net/browse/JDK-8236039

    Any ideas on how to solve it?

    Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:268)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
    at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:90)
    at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:819)
    at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:923)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:423)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:167)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1462)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1370)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
    at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)

    • M
      michael.schramm
      last edited by 11 Apr 2021, 19:20

      Solved by:

              - name: FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS
                value: "-Djdk.tls.client.protocols=TLSv1.2"
      
      • J
        joshua
        last edited by 13 Apr 2021, 17:09

        Thanks for sharing @michael-schramm! Glad you got it working!

        -Josh

        • D
          dan
          last edited by 15 Apr 2021, 15:19

          Looks like this is fixed in OpenJDK 15, so it will be picked up when we roll that out (no timeline, but we are on 14 now).

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

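To check which TLS version a given JVM actually negotiates with the database, both with the `-Djdk.tls.client.protocols=TLSv1.2` workaround and after a JDK upgrade, a standalone probe like the following can be used. It is an added example, not code from this thread or from FusionAuth; the class name `PgTlsProbe` and the host/port arguments are hypothetical, and it assumes the server certificate chains to the JVM's trust store (otherwise pass `-Djavax.net.ssl.trustStore=...`).

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.DataOutputStream;
import java.net.Socket;
import java.util.Arrays;

// Added diagnostic (hypothetical class name), not FusionAuth or pgjdbc code.
// Usage: java [-Djdk.tls.client.protocols=TLSv1.2] PgTlsProbe <host> <port>
public class PgTlsProbe {
    public static void main(String[] args) throws Exception {
        String host = args[0];                  // the "hostname" part of the JDBC URL
        int port = Integer.parseInt(args[1]);   // e.g. 26257 as in the JDBC URL

        try (Socket plain = new Socket(host, port)) {
            plain.setSoTimeout(10_000);

            // PostgreSQL wire protocol: TLS starts only after the client sends an
            // 8-byte SSLRequest (length 8, code 80877103) and the server answers 'S'.
            DataOutputStream out = new DataOutputStream(plain.getOutputStream());
            out.writeInt(8);
            out.writeInt(80877103);
            out.flush();
            int reply = plain.getInputStream().read();
            if (reply != 'S') {
                throw new IllegalStateException("server refused SSL, reply byte: " + reply);
            }

            // Layer TLS over the same socket using the JVM default context, which is
            // where jdk.tls.client.protocols takes effect.
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                System.out.println("enabled:    " + Arrays.toString(tls.getEnabledProtocols()));
                // On an affected JDK with TLS 1.3 enabled, the SSLHandshakeException
                // from the first post is expected to be thrown here.
                tls.startHandshake();
                System.out.println("negotiated: " + tls.getSession().getProtocol());
            }
        }
    }
}
```

Note that `jdk.tls.client.protocols` changes the default client protocols for the whole JVM, so every outbound TLS connection that uses the default context is limited to TLS 1.2 while the workaround is in place, not only the database connection.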