RDS Certificate Authority (CA) 2019 Update breaks Java Lambda database connection

I have Java 11 Lambdas connecting to Aurora PostgreSQL which were broken when I updated my Aurora instance from rds-ca-2019 as recommended by the console. The connections failed with an SSL_handshake error. I've read a lot of (complex!) articles on how to use a pem file (global-bundle.pem in this case) to initialise SSL/TLS in Java, but I'm wondering: is this the recommended solution? Having to do this to connect to Aurora from here on would be a high bar for anyone beginning to use Java Lambdas. I have found this aspect of Java to be a black art in the past and I'm not looking forward to attempting the fix. Or maybe there's an update to the Lambda Java runtime available or coming?

1 Answer
Hi,

As per the documentation:

- Amazon Aurora PostgreSQL supports Transport Layer Security (TLS) versions 1.1 and 1.2. We recommend using TLS 1.2 for encrypted connections.

- You should update your clients to ones which support TLS versions 1.1 or 1.2. You should also ensure that your database clients are using only supported ciphers as documented above. Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Security.html

- You may experience this issue if you upgrade to the rds-ca-ecc384-g1 certificate, which Aurora does not support. Roll back to the previous certificate. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Hope this helps.

answered 9 months ago
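
The PEM-based trust setup the question refers to, shown as an added example that is not part of the original thread or of any AWS sample: it loads every CA certificate from `global-bundle.pem` into an in-memory trust store and builds a TLS 1.2 context from it. The class name `RdsTrust`, the method name and the default file location are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class RdsTrust {  // hypothetical class name

    /** Builds an SSLContext that trusts only the CAs found in the given PEM bundle. */
    static SSLContext fromPemBundle(Path pemBundle) throws Exception {
        // generateCertificates() reads every certificate in a concatenated PEM file.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas;
        try (InputStream in = Files.newInputStream(pemBundle)) {
            cas = cf.generateCertificates(in);
        }
        if (cas.isEmpty()) {
            throw new IllegalStateException("no certificates found in " + pemBundle);
        }

        // Empty in-memory key store: nothing from the JVM default cacerts is trusted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        int i = 0;
        for (Certificate ca : cas) {
            trustStore.setCertificateEntry("rds-ca-" + i++, ca);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // TLS 1.2 is the version the answer above recommends.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed location: bundle packaged next to the function code.
        Path bundle = Path.of(args.length > 0 ? args[0] : "global-bundle.pem");
        SSLContext ctx = fromPemBundle(bundle);
        System.out.println("Trust store built, protocol: " + ctx.getProtocol());
    }
}
```

How the bundle reaches the database driver depends on the driver; the PostgreSQL JDBC driver, if that is what the Lambda uses, accepts the PEM file directly through its `sslmode=verify-full` and `sslrootcert` connection parameters, without a hand-built context.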
