Hi there,
I am exploring the features of Nginx and doing a POC with all the possible use cases. If all goes well, there would probably be a huge investment in Nginx to use it in our cloud-based architecture.
I am currently exploring an option for TCP SSL termination on Nginx for an SSL connection from a Java JDBC client. I am facing issues; any guidance would speed up my POC and help me complete it.
I'm using nginx on Windows 10 and using the open-source version.
Error.log:
###################
2020/06/19 11:51:51 [debug] 12568#16420: timer delta: 17
2020/06/19 11:51:51 [debug] 12568#16420: posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 delete posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL handshake handler: 0
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_do_handshake: -1
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_get_error: 5
2020/06/19 11:51:51 [info] 12568#16420: *1 peer closed connection in SSL handshake while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:51:51 [debug] 12568#16420: *1 finalize stream session: 500
2020/06/19 11:51:51 [debug] 12568#16420: *1 stream log handler
2020/06/19 11:51:51 [debug] 12568#16420: *1 close stream connection: 368
2020/06/19 11:51:51 [debug] 12568#16420: *1 event timer del: 368: 3409871779
2020/06/19 11:51:51 [debug] 12568#16420: *1 select del event fd:368 ev:768
Error from JDBC Client:
###################
.....
.....
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
SQL State: 08006
IO Error: The Network Adapter could not establish the connection
Java code:
###################
....
....
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=1592))(CONNECT_DATA=(SERVICE_NAME=xe)))";
String user = "sys as sysdba";
String pwd = "1234";
Properties props = new Properties();
props.setProperty("url", url);
props.setProperty("user", user);
props.setProperty("password", pwd);
props.setProperty("oracle.net.ssl_cipher_suites", "(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)");
.....
.....
try (Connection conn = DriverManager.getConnection(url, props)) { // failing on this line of code
....
....
Nginx.conf:
###################
upstream db_backend {
    server localhost:1521; # Local database server, which is not SSL-enabled.
}
server {
    listen 1592 ssl;
    listen [::]:1592 ssl;
    proxy_pass db_backend;
    ssl_certificate C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/nginx-selfsigned.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 4h;
    ssl_handshake_timeout 30s;
}
Thanks,
Siva P
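
An added example, not part of the original post: a small Python parser for the nginx debug log above that groups lines by connection id and decodes SSL_get_error, showing that code 5 is SSL_ERROR_SYSCALL and that connection *1 was closed by the client mid-handshake rather than rejected by nginx. The function name and the *2 log lines are assumptions constructed here for contrast.

```python
import re

# SSL_get_error() return codes, as defined in OpenSSL's ssl.h.
SSL_ERRORS = {0: "SSL_ERROR_NONE", 1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ",
              3: "SSL_ERROR_WANT_WRITE", 4: "SSL_ERROR_WANT_X509_LOOKUP",
              5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}

# Connection *1: lines copied from the error.log excerpt in the post.
# Connection *2: constructed for contrast (a failure raised inside OpenSSL on the nginx side).
SAMPLE_LOG = """\
2020/06/19 11:51:51 [debug] 12568#16420: timer delta: 17
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_do_handshake: -1
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_get_error: 5
2020/06/19 11:51:51 [info] 12568#16420: *1 peer closed connection in SSL handshake while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:51:51 [debug] 12568#16420: *1 finalize stream session: 500
2020/06/19 11:52:03 [debug] 12568#16420: *2 SSL_do_handshake: -1
2020/06/19 11:52:03 [debug] 12568#16420: *2 SSL_get_error: 1
2020/06/19 11:52:03 [info] 12568#16420: *2 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:52:03 [debug] 12568#16420: *2 finalize stream session: 500
"""

LINE = re.compile(r"^\S+ \S+ \[(\w+)\] \d+#\d+: \*(\d+) (.*)$")

def summarize_handshakes(log_text):
    """Group lines by connection id (*N) and report how each TLS handshake ended."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # worker-level lines (timers, posted events) carry no connection id
        level, cid, msg = m.group(1), int(m.group(2)), m.group(3)
        c = conns.setdefault(cid, {"ssl_error": None, "status": None,
                                   "reason": None, "ended_by": "unknown"})
        if msg.startswith("SSL_get_error:"):
            code = int(msg.split(":", 1)[1])
            c["ssl_error"] = SSL_ERRORS.get(code, f"unknown({code})")
        elif msg.startswith("finalize stream session:"):
            c["status"] = int(msg.split(":", 1)[1])
        elif level != "debug" and "SSL" in msg:
            c["reason"] = msg.split(" while SSL handshaking")[0]
            if "peer closed connection" in msg:
                c["ended_by"] = "client"   # TCP closed by the peer mid-handshake
            elif c["ssl_error"] == "SSL_ERROR_SSL":
                c["ended_by"] = "nginx"    # OpenSSL on the proxy rejected the handshake
    return conns

if __name__ == "__main__":
    for cid, info in summarize_handshakes(SAMPLE_LOG).items():
        print(f"*{cid}: {info}")
```

When a connection is reported as ended by the client, the nginx log holds no further detail on the cause, so the client-side TLS trace is the place to look next.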