HANDSHAKE_SSL_ERROR when trying to connect to MySQL 5.6 via SSL with Node 12 and Sequelize v6

Issue Description

When I try to connect to a MySQL 5.6 DB hosted on AWS via SSL I receive the following error message (see below).

I suspect that the error could have something to do with the fact that Aurora MySQL 5.6 DBs only support TLS version 1.0 and Node 12 now has a default minimum TLS version of 1.2. As recommended here (https://github.com/nodejs/node/issues/27384) I used the “--tls-min-v1.0” flag when starting my application. Unfortunately that had no effect on the error. This is why I suspect that it COULD have something to do with Sequelize.

Without SSL we can always successfully connect and with MySQL clients (like Heidi DB) we also can access the DB via SSL.

What are you doing?

Environment variable for the cert: DB_CA_PATH='./bin/rds-ca-2019-eu-central-1.pem'

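const fs = require('fs');
const { Sequelize } = require('sequelize');

// `opts` (model definition defaults) is defined elsewhere in the application.
const sequelize = new Sequelize({
    host: process.env.DB_HOST,
    database: process.env.DB_NAME,
    username: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    dialect: 'mysql',
    dialectOptions: {
      ssl: {
        // CA bundle used to verify the server certificate
        ca: fs.readFileSync(process.env.DB_CA_PATH, "utf8"),
      }
    },
    freezeTableName: true,
    logging: false,
    define: opts
});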

What do you expect to happen?

Successfully connecting to the database.

What is actually happening?

ConnectionError [SequelizeConnectionError]: 20312:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:c:\ws\deps\openssl\openssl\ssl\statem\statem_lib.c:1929:

    at D:\Dev\repos\portal-node\node_modules\sequelize\lib\dialects\mysql\connection-manager.js:122:19
    at tryCatcher (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\util.js:16:23)
    at Promise._settlePromiseFromHandler (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\promise.js:517:31)
    at Promise._settlePromise (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\promise.js:574:18)
    at Promise._settlePromise0 (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\promise.js:619:10)
    at Promise._settlePromises (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\promise.js:695:18)
    at _drainQueueStep (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\async.js:138:12)
    at _drainQueue (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\async.js:131:9)
    at Async._drainQueues (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\async.js:147:5)
    at Immediate.Async.drainQueues [as _onImmediate] (D:\Dev\repos\portal-node\node_modules\bluebird\js\release\async.js:17:14)
    at processImmediate (internal/timers.js:439:21)
    at process.topLevelDomainCallback (domain.js:131:23) {
  name: 'SequelizeConnectionError',
  parent: [Error: 20312:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:c:\ws\deps\openssl\openssl\ssl\statem\statem_lib.c:1929:
  ] {
    library: 'SSL routines',
    function: 'ssl_choose_client_version',
    reason: 'unsupported protocol',
    code: 'HANDSHAKE_SSL_ERROR',
    fatal: true
  },
  original: [Error: 20312:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:c:\ws\deps\openssl\openssl\ssl\statem\statem_lib.c:1929:
  ] {
    library: 'SSL routines',
    function: 'ssl_choose_client_version',
    reason: 'unsupported protocol',
    code: 'HANDSHAKE_SSL_ERROR',
    fatal: true
  }
}

Environment

  • Sequelize version: sequelize@6.0.0
  • Node.js version: v12.13.0
  • Operating System: Windows 10

Issue Template Checklist

How does this problem relate to dialects?

  • I think this problem happens regardless of the dialect.
  • [x] I think this problem happens only for the following dialect(s): MySQL
  • I don’t know, I was using PUT-YOUR-DIALECT-HERE, with connector library version XXX and database version XXX

Would you be willing to resolve this issue by submitting a Pull Request?

  • Yes, I have the time and I know how to start.
  • [x] Yes, I have the time but I don’t know how to start, I would need guidance.
  • No, I don’t have the time, although I believe I could do it if I had the time…
  • No, I don’t have the time and I wouldn’t even know how to start.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 5 (1 by maintainers)

Top GitHub Comments

eggerand13 commented, Dec 13, 2019 (14 reactions)

Okay, I can resolve this issue. This issue is not directly Sequelize related but might still help some others in the future so I will post my answer here. It seems that I passed the flag in the wrong way. If you start your application like this, it should work:

node --tls-min-v1.0 ./bin/www

Afterwards you can check if SSL is active by using the following code.

sequelize.query("SHOW STATUS LIKE 'Ssl_cipher'", {
      type: sequelize.QueryTypes.SELECT
    })
    .then((result) => {
      console.log(result[0].Value);
    })
    .catch(e => {
      console.error(e)
    })

When it is not active the output will be empty. When it is active it will print something like this (depending on your configuration): “DHE-RSA-AES256-SHA”
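
Added example (not part of the original comment and not Sequelize code): since `--tls-min-v1.0` lowers the minimum for every TLS connection the process makes, these helpers recognise the handshake failure from the issue and judge the session's `Ssl_cipher` and `Ssl_version` status rows against a policy. The function names, the `TLSv1.2` policy default, the use of the MySQL `Ssl_version` status variable and all sample inputs are assumptions made for illustration.

```javascript
// Added example: pure helpers, no dependencies. Sample inputs are constructed
// to match the shapes shown in this thread.
const TLS_ORDER = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];

// Classify a connection failure. clientMinVersion is an assumption about the
// caller: pass require('tls').DEFAULT_MIN_VERSION from the running process.
function diagnoseConnectionError(err, clientMinVersion) {
  const cause = (err && (err.original || err.parent)) || err || {};
  if (cause.code !== 'HANDSHAKE_SSL_ERROR') return { tlsFailure: false };
  const versionMismatch = cause.reason === 'unsupported protocol';
  return {
    tlsFailure: true,
    versionMismatch,
    hint: versionMismatch
      ? `server negotiated a protocol below the client minimum ${clientMinVersion}`
      : `TLS handshake failed: ${cause.reason}`,
  };
}

// Judge rows returned by "SHOW SESSION STATUS LIKE 'Ssl_%'" against a policy.
function assessSession(rows, requiredMin = 'TLSv1.2') {
  const need = TLS_ORDER.indexOf(requiredMin);
  if (need === -1) throw new RangeError(`unknown policy version ${requiredMin}`);
  const status = Object.fromEntries(rows.map((r) => [r.Variable_name, r.Value]));
  const cipher = status.Ssl_cipher || '';
  const version = status.Ssl_version || '';
  if (!cipher) return { encrypted: false, ok: false, reason: 'session is not using TLS' };
  const rank = TLS_ORDER.indexOf(version);
  if (rank === -1) return { encrypted: true, ok: false, reason: `unrecognised protocol "${version}"` };
  const ok = rank >= need;
  return {
    encrypted: true, ok, version, cipher,
    reason: ok ? 'meets policy' : `${version} is below ${requiredMin}`,
  };
}

// Constructed samples: the error shape from the issue, and status rows for a
// TLS 1.0 session, a TLS 1.2 session and a plaintext session.
const sampleError = { name: 'SequelizeConnectionError',
  original: { code: 'HANDSHAKE_SSL_ERROR', reason: 'unsupported protocol', fatal: true } };
const tls10Rows = [{ Variable_name: 'Ssl_cipher', Value: 'DHE-RSA-AES256-SHA' },
  { Variable_name: 'Ssl_version', Value: 'TLSv1' }];
const tls12Rows = [{ Variable_name: 'Ssl_cipher', Value: 'ECDHE-RSA-AES256-GCM-SHA384' },
  { Variable_name: 'Ssl_version', Value: 'TLSv1.2' }];
const plainRows = [{ Variable_name: 'Ssl_cipher', Value: '' },
  { Variable_name: 'Ssl_version', Value: '' }];

console.log(diagnoseConnectionError(sampleError, 'TLSv1.2').hint);
console.log(assessSession(tls10Rows).reason, '|', assessSession(plainRows).reason);
```

Calling `assessSession` once at startup with the rows from the status query lets the application refuse to proceed on a plaintext or TLS 1.0 session instead of only printing the cipher name.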

pmoleri commented, May 26, 2020 (0 reactions)

@eggerand13 I’ll answer myself. At least the “mysql” driver doesn’t allow passing every TLS option; only ca, cert, ciphers, key and passphrase are passed through.

https://github.com/mysqljs/mysql/blob/283425b44bc7a310bf6613d0e112d89080516e55/lib/Connection.js#L463
