RMySQL to MySQL database (on AWS) SSL connection error after deploying

I saw previous posts on similar issues. I whitelisted the shiny IPs on my AWS security group (as per https://docs.rstudio.com/shinyapps.io/applications.html#firewalls) and I'm still getting the below error:

Failed to connect to database: Error: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Previous apps I've deployed connected to the same AWS database without this SSL connection error. This app only started crashing after I redeployed.

Anyone have any ideas?


@mlwin I'm having the same exact problem. Have you solved this? Thanks!!


I have exactly the same problem ... after I deployed my application on Apr 1, 2021, it crashed. It worked fine until March 31, 2021.
No changes were made to the AWS database!

Failed to connect to database: Error: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Calls: local ... tryCatch -> tryCatchList -> tryCatchOne ->

Can anyone help me with this issue?


Hey all. After doing a lot of digging, it seems this is an old issue stemming from the MySQL version on the AWS server, with old versions forcing SSL verification (yaSSL forcing SSL vs OpenSSL defaulting to server settings) -- I scheduled an update to the latest AWS Aurora version and it fixed the "unsupported protocol" error!

But now I'm getting:
error: SSL connection error: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

This is due to a security response to the "Logjam" hack, where now DH keys are set to a certain size -- if your connection does not have the same size key as the server, you get the error.

So I'm going to try and amend my .cnf config file to lower the security level:
CipherString = DEFAULT@SECLEVEL=1

I think OpenSSL defaults to level 1. Will let you know how it goes.

First of all, we apologize for the delay in responding to this ticket. The change from Ubuntu 16.04 to Ubuntu 20.04 has changed the default security settings. We have just pushed out a change to our system that will enable you to work around these connection issues.
To downgrade the openssl security level from 2 to 1, create a new file at the root of your application, .Renviron, with these contents:

OPENSSL_CONF="/etc/ssl/insecure-openssl.cnf"

Then redeploy your application.

Please note that this workaround should be considered temporary, as it comes with a security risk. We highly recommend that you update your database so it is secure.

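Because the reply above calls the workaround temporary, it helps to be able to find where it is still in place. The following is an added example, not part of the original thread or of shinyapps.io: a Python check that reads a `.Renviron` for an `OPENSSL_CONF` override and flags weakened settings in the referenced OpenSSL config. The contents of the sample config and the TLSv1.2 floor are assumptions.

```python
import re

SECLEVEL_FLOOR = 2          # level the thread says the platform moved to
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
PROTOCOL_FLOOR = "TLSv1.2"  # assumption: the minimum this audit accepts

def renviron_openssl_conf(text):
    """Return the OPENSSL_CONF path set in .Renviron text, or None."""
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "OPENSSL_CONF":
            return value.strip().strip("\"'")
    return None

def audit_openssl_cnf(text):
    """Return (line_no, section, message) for each weakened TLS setting."""
    findings, section = [], "default"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        level = re.search(r"@SECLEVEL=(\d)", value)
        if key == "CipherString" and level and int(level.group(1)) < SECLEVEL_FLOOR:
            findings.append((line_no, section, f"SECLEVEL={level.group(1)} < {SECLEVEL_FLOOR}"))
        elif key == "MinProtocol" and value in PROTOCOLS:
            if PROTOCOLS.index(value) < PROTOCOLS.index(PROTOCOL_FLOOR):
                findings.append((line_no, section, f"MinProtocol {value} < {PROTOCOL_FLOOR}"))
    return findings

# The .Renviron line is from the thread; the config body is constructed sample input.
SAMPLE_RENVIRON = 'OPENSSL_CONF="/etc/ssl/insecure-openssl.cnf"\n'
SAMPLE_CNF = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1  # lowered from 2
"""

if __name__ == "__main__":
    print("OPENSSL_CONF override:", renviron_openssl_conf(SAMPLE_RENVIRON))
    for line_no, section, message in audit_openssl_cnf(SAMPLE_CNF):
        print(f"line {line_no} [{section}]: {message}")
```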
