- Newest
- Most votes
- Most comments
See the python script on this page.. https://blog.ankitsanghvi.in/migrating-from-mongodb-to-dynamodb-using-aws-dms/
It may help you obtain the A record for DMS
Thanks for your quick response. We still get the error message below:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to create new client connection Failed to connect to database., Application-Detailed-Message: Error verifying connection: 'No suitable servers found (
serverSelectionTryOnce set): [TLS handshake failed: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error calling hello on 'ac-hh3vswm-shard-00-02.b8n6ms2.mongodb.net:27017']'
If test SSL connection locally using "openssl", we can see that TLS handshake is successful nevertheless if we use CA or not. But if we try to use deprecated TLS versions, like 1.0 and 1.1 we get a very similar error to DMS endpoint error
openssl s_client -connect ac-hh3vswm-shard-00-02.b8n6ms2.mongodb.net:27017 -tls1_1 -CAfile /tmp/ISRG-Root-X1.pem
CONNECTED(00000003)
4087DCDC797F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Based on it, we can suppose that DMS endpoint for Mongodb uses a deprecated TLS version. Based on message from DMS it's not clear routines:SSL23_GET_SERVER_HELLO:tlsv1
Relevant content
- asked 2 years ago
- asked 4 months ago
- Accepted Answerasked a year ago
- asked 5 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago