no worries around it.
Cockroach itself provides great support to run within kubernetes / running in multiple availability zones with automated sharding. (not the average use case^^)
whenever it will be fixed on the cockroach side https://github.com/cockroachdb/cockroach/issues/40963?version=v20.2 then I will of course report here if it works.
So far we are using fusionauth with cockroachdb and this is the only error that has pooped up till now.
you can add to the database_url: ?ssl=true&sslmode=require (pick the mode you actually require)
if your server supports tls1.3+ you should force 1.2 on the client:
FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS="-Djdk.tls.client.protocols=TLSv1.2"
(https://fusionauth.io/community/forum/topic/938/secure-db-connection-with-tls-1-3/4?_=1629097757303)
Hi,
has anyone used Fusionauth in Traefik to secure container access through forwardauth middleware?
https://doc.traefik.io/traefik/v2.4/middlewares/forwardauth/
trying to figure out right now how to do this.
br Michael
you can add to the database_url: ?ssl=true&sslmode=require (pick the mode you actually require)
if your server supports tls1.3+ you should force 1.2 on the client:
FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS="-Djdk.tls.client.protocols=TLSv1.2"
(https://fusionauth.io/community/forum/topic/938/secure-db-connection-with-tls-1-3/4?_=1629097757303)
no worries around it.
Cockroach itself provides great support to run within kubernetes / running in multiple availability zones with automated sharding. (not the average use case^^)
whenever it will be fixed on the cockroach side https://github.com/cockroachdb/cockroach/issues/40963?version=v20.2 then I will of course report here if it works.
So far we are using fusionauth with cockroachdb and this is the only error that has pooped up till now.
Would it be possible to change the Query to something like:
DELETE FROM
user_registrations_application_roles
WHERE
user_registrations_id IN
(
SELECT
user_registrations.id
FROM
user_registrations
WHERE
user_registrations.id = user_registrations_application_roles.application_roles_id
(...)
)
So far we are using fusionauth with cockroachdb as our database. PW Logins are working.
Right now the only remaining problem we see is with:
DELETE
FROM user_registrations_application_roles USING user_registrations
WHERE user_registrations_application_roles.user_registrations_id = user_registrations.id AND (...)
^
Hint: You have attempted to use a feature that is not yet implemented.
See: https://go.crdb.dev/issue-v/40963/v20.2
I cannot see the remainder of the query, but would it be possible to remove the "USING"?
Solved by:
- name: FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS
value: "-Djdk.tls.client.protocols=TLSv1.2"
I am trying to connect to a postgres db system with ssl, the tls1.3 config seems to have something in the certificate so that the handshake fails (all other clients I use with nodejs and python work with it)
jdbc:postgresql://hostname:26257/fusionauth?ssl=true
so far it seems like openjdk had a bug with this https://bugs.openjdk.java.net/browse/JDK-8236039
any ideas of how to solve it?
Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:268)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:90)
at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:819)
at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:923)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:423)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:167)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1462)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1370)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)