Welcome! Log In Create A New Profile

Advanced

TCP SSL termination issue on Nginx - for JDBC client

June 19, 2020 03:02AM
Hi there,

I am exploring the features of Nginx features and doing a POC with all the possible use cases. If all goes well, probably there would be a huge investment on the Nginx to use it our cloud based architecture.

Currently exploring an option on TCP SSL termination on Nginx for a SSL connection from Java JDBC client. Facing issues, any guidance would be speed up my POC and complete it.

I'm using nginx on Windows 10 and using the opensource version.

Error.log:
###################
2020/06/19 11:51:51 [debug] 12568#16420: timer delta: 17
2020/06/19 11:51:51 [debug] 12568#16420: posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 delete posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL handshake handler: 0
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_do_handshake: -1
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_get_error: 5
2020/06/19 11:51:51 [info] 12568#16420: *1 peer closed connection in SSL handshake while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:51:51 [debug] 12568#16420: *1 finalize stream session: 500
2020/06/19 11:51:51 [debug] 12568#16420: *1 stream log handler
2020/06/19 11:51:51 [debug] 12568#16420: *1 close stream connection: 368
2020/06/19 11:51:51 [debug] 12568#16420: *1 event timer del: 368: 3409871779
2020/06/19 11:51:51 [debug] 12568#16420: *1 select del event fd:368 ev:768

Error from JDBC Client:
###################
.....
.....
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
SQL State: 08006
IO Error: The Network Adapter could not establish the connection

Java code:
###################
....
....
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=1592))(CONNECT_DATA=(SERVICE_NAME=xe)))";
String user="sys as sysdba";
String pwd="1234";

Properties props = new Properties();
props.setProperty("url", url);
props.setProperty("user", user);
props.setProperty("password", pwd);
props.setProperty("oracle.net.ssl_cipher_suites", "(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)");
.....
.....
try (Connection conn=DriverManager.getConnection(url,props)) { //failing on this line of code
....
....

Nginx.conf:
###################

upstream db_backend {
server localhost:1521; #Local database server which is not SSL enabled.
}

server {
listen 1592 ssl;
listen [::]:1592 ssl;
proxy_pass db_backend;

ssl_certificate C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/nginx-selfsigned.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
ssl_handshake_timeout 30s;
}



Thanks,
Siva P
Subject Author Posted

TCP SSL termination issue on Nginx - for JDBC client

siva.pannier June 19, 2020 03:02AM

Re: TCP SSL termination issue on Nginx - for JDBC client

siva.pannier June 21, 2020 09:42PM

RE: TCP SSL termination issue on Nginx - for JDBC client

Reinis Rozitis June 22, 2020 07:58AM

Re: RE: TCP SSL termination issue on Nginx - for JDBC client

siva.pannier June 22, 2020 01:21PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 140
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready