Trying to connect to an imap server from an app that uses javamail to connect. I can't modify the code, but it's throwing the 'Server chose unsupported or disabled protocol: SSLv3' error, and I can't find a property that I can override to enable that protocol. The server I'm connecting to does not support TLSv1 (yes, it's old).
You should be able to set a specific socket factory using SSLv3 instead of TLSv1 via the mail.smtp.ssl.socketFactory property of JavaMail (see the Socket Factories section in the JavaMail release notes and MailSSLSocketFactory).
Before returning the SSLSocket in your SSLSocketFactory implementation (createSocket), use setEnabledProtocols to allow SSLv3.
Related
I want to enable encryption of data in transit for akka FSM. I am using dnvriend / akka-persistence-jdbc with Mysql. What are the steps involved in enabling ssl for db connections? How do I verify that the data is encrypted? If I use the url parameter useSSL=true, does the connection automatically fallback to non ssl if MySql server doesn't support ssl?
I tried to toggle the switch useSSL in the JDBC url and didn't observe any changes or didn't get any errors.
We are trying to access our MySql RDS instance which is tls1.2 enabled. Our AWS asp.net application server also has tls1.2 protocol enabled. But Application is not able to make connection to database with the error.
We have tried with enabling various Ciphers and also applying .pem files with asp.net connection string. But still can not connect to it. However no connection string is working out for us.
Error: The handshake failed due to an unexpected packet format.
After few changes in the server cipher settings we are now able to connect to the RDS instance using our C# console application (mysql connector latest version)
Below are the findings :
application level (code) changes : None
Server Crypto settings ( using Nartac ) : Best Practices
machine (currently tested from DB server to RDS instance ) TLS version : v1.2 enforced
RDS TLS version : v1.2 enforced
My connection string :
**<add key="conns" value="SERVER=asdf.asdfasdfa.eu-west-1.rds.amazonaws.com;database=FFF;user=FFFF;PASSWORD=p#5sword;SslMode=REQUIRED;"/>**
Output : connection successful
I'm using node-mysql2 and receiving this error message when connecting to a production instance of mysql via a wan:
Server requires auth switch, but no auth switch handler provided
This error is not received when connecting to our local dev server.
Furthmore, connecting to this mysql instance by other means works fine (mysql cli, Toad)
node-mysql2 version: mysql2#1.1.2 installed via npm.
This error was allegedly fixed back in Aug (RC9) https://github.com/sidorares/node-mysql2/pull/331
I'm not very familiar with mysql, Is there a server setting we can change to workaround this issue?
So it turns out this error also occurs with other libraries which give more meaningful error messages, e.g.: Authentication with old password no longer supported, use 4.1 style passwords
Solution from here: https://forums.mysql.com/read.php?38,593423,593423
SET SESSION old_passwords=0;
SET PASSWORD=PASSWORD('YOURDATABASEPASSWORD');
In this way, the client can connect the server without ALPN and use http/2 default.
Is that possible?
Yes it is possible, but the conditions are strict.
Browsers, as of now, do not implement clear-text communication for HTTP/2, so if you use a browser the answer to your question is no: you have to deploy your server with ALPN support if you want browsers to be able to connect.
On the other hand, other clients such as Java clients may be able to connect to a server using clear-text HTTP/2, so for those type of clients the answer to your question is yes: you can deploy a HTTP/2 server without ALPN support.
The Jetty Project [disclaimer, I am a committer] implements a web server and servlet container that support both scenarios: you can enable ALPN for TLS (SSL) HTTP/2 communication so that browsers will be able to connect, and you can also enable clear-text HTTP/2 communication as explained here. See also the Jetty HTTP/2 documentation.
Using as3crypto's TLSSocket it should be possible to connect to an SSL server. However, my server uses a self-signed certificate. How can I configure the client to accept that certificate?
I'm assuming I need to hard-code the cert's fingerprint in the client somewhere (or get it there some way). That's ok.
If as3crypto doesn't support this, other options are welcome.