
    Secure DB Connection with TLS 1.3

      michael.schramm

      I am trying to connect to a Postgres DB system with SSL. The TLS 1.3 config seems to have something in the certificate so that the handshake fails (all other clients I use with Node.js and Python work with it).

      jdbc:postgresql://hostname:26257/fusionauth?ssl=true

      So far it seems like OpenJDK had a bug with this: https://bugs.openjdk.java.net/browse/JDK-8236039

      Any ideas of how to solve it?

      Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:268)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
      at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:90)
      at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:819)
      at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:923)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:423)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:167)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1462)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1370)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
      at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)

        michael.schramm

        Solved by:

                - name: FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS
                  value: "-Djdk.tls.client.protocols=TLSv1.2"
        
          joshua

          Thanks for sharing @michael-schramm! Glad you got it working!

          -Josh

            dan

            Looks like this is fixed in OpenJDK 15, so it will be picked up when we roll that out (no timeline, but we are on 14 now).

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io
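
Added example, not part of any post above and not FusionAuth code: a small check to run with the same JVM and the same `-D` arguments as the application, to confirm that the `jdk.tls.client.protocols` workaround took effect and to flag when it can be dropped. The class name, the `assess` helper and the status strings are illustrative; the release number 15 is taken from the last reply in the thread.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example. Run it the way the application JVM is started, e.g.:
//   java -Djdk.tls.client.protocols=TLSv1.2 TlsClientProtocolCheck.java
public class TlsClientProtocolCheck {
    // From the thread: the handshake bug is reported fixed in OpenJDK 15.
    static final int FIXED_IN = 15;

    // Decide what the operator should do, given the JDK feature release and
    // the protocols a default TLS client in this JVM will offer.
    static String assess(int jdkFeature, List<String> offered) {
        boolean tls13 = offered.contains("TLSv1.3");
        boolean tls12 = offered.contains("TLSv1.2");
        if (!tls12 && !tls13) {
            return "FAIL: neither TLSv1.2 nor TLSv1.3 is offered";
        }
        if (jdkFeature < FIXED_IN) {
            return tls13
                ? "AT RISK: TLSv1.3 offered on JDK " + jdkFeature
                    + "; the handshake may fail as described in the thread"
                : "OK: client is capped below TLSv1.3";
        }
        return tls13
            ? "OK: TLSv1.3 offered on a JDK release that has the fix"
            : "REVIEW: JDK " + jdkFeature
                + " has the fix but TLSv1.3 is not offered; remove the override";
    }

    public static void main(String[] args) throws Exception {
        int feature = Runtime.version().feature();
        String override = System.getProperty("jdk.tls.client.protocols");
        // Protocols that the default JSSE context enables for client connections.
        List<String> offered = Arrays.asList(
            SSLContext.getDefault().getDefaultSSLParameters().getProtocols());

        System.out.println("JDK feature release      : " + feature);
        System.out.println("jdk.tls.client.protocols : "
            + (override == null ? "(not set)" : override));
        System.out.println("client protocols offered : " + offered);
        System.out.println(assess(feature, offered));
    }
}
```

The property is JVM-wide: it caps every outbound TLS client connection that relies on the JSSE defaults at TLS 1.2, not only the database connection, so it is worth re-running this check after a JDK upgrade and removing the override once TLS 1.3 works.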
