3

Following all of the documentation Microsoft provides for their new Azure MySQL product, I keep getting the same error:

```
Error: 140736265921472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:794
```

I have tried this on a Linux Docker container in case I had an issue on macOS.

Example code, I have tried this isolated from my app to be sure:

```javascript
var fs = require('fs'); // needed for readFileSync below
var mysql = require('mysql2');

var conn = mysql.createConnection({
  host: "mydbname.mysql.database.azure.com",
  user: "user@mydbname",
  password: 'password',
  database: 'dbname',
  port: 3306,
  ssl: {
    // Root CA used to verify the server certificate
    ca: fs.readFileSync('./BaltimoreCyberTrustRoot.crt'),
  }
});
```

Documentation I followed:

https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl

https://learn.microsoft.com/en-us/azure/mysql/howto-connection-string

I have tried both the mysql and mysql2 node drivers without success. Has anyone solved this?

sjdweb

1 Answer

4

Thanks for reporting the issue. The bug was exposed in our internal testing and has been fixed. We will deploy the fix in the next several days, and we'll keep you posted. In the meantime, please use non-SSL mode to mitigate if you can. Thanks!

-----Edit-----

Hi, the fix has been deployed. Please try it out! Thanks.

TwoCode
  • Out of curiosity, what is the fix being implemented? The issues being discussed on GitHub for the mysql lib indicate that there's an issue with authentication switch (which means node can't connect with or w/o SSL). The PR to fix the switch won't fix the SSL issues. Was this because the cert issued wasn't set up for the mysql database domain? Because I noticed that also. – Dave May 18 '17 at 02:19
  • Hi Dave, there were two issues here. One was that the node client did not support the authentication switch protocol; the other was that our service had a regression talking to the node client over an SSL connection. The regression was caused by a capability flag not being recognized. Thanks for your interest! – TwoCode May 23 '17 at 03:54
  • Hi, with the same code I now get `Error: unable to get local issuer certificate` with both the `mysql` and `mysql2` latest drivers? – sjdweb May 23 '17 at 10:28
  • @sjdweb Can you try a PEM-format root CA instead of crt? Another option is to set `rejectUnauthorized: false` to try to mitigate. – TwoCode May 24 '17 at 08:51
  • @TwoCode Hi, this has solved my issue. But after a few minutes in my app I see `Error: read ECONNRESET at exports._errnoException (util.js:1050:11) at TLSWrap.onread (net.js:582:26)` though? I saw this on a separate Stack Overflow question here in the answer comments; the user still accepted the answer though: https://stackoverflow.com/questions/44210615/cannot-connect-azure-web-app-nodejs-to-azure-mysql – sjdweb Jun 06 '17 at 09:42
  • Hey @sjdweb, could you help to elaborate with more details? Were you running queries or keeping connections idle? What was the timestamp when you had this issue? Could it be constantly reproduced? – TwoCode Jun 12 '17 at 05:16
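
Related to the comment above about using a PEM-format root CA: the following is an added example, not code from this thread or from Microsoft's documentation. Assuming the downloaded `.crt` file is DER-encoded, it converts the file to the PEM text that Node's TLS layer expects, so the `ssl` options can keep `rejectUnauthorized: true`. `derDeclaredSize`, `caToPem` and `buildSslOptions` are hypothetical helper names, and the sample bytes are constructed.

```javascript
// Added example, not code from the thread; helper names are hypothetical.
const PEM_HEADER = '-----BEGIN CERTIFICATE-----';
const PEM_FOOTER = '-----END CERTIFICATE-----';

// Total encoded size (header + body) declared by the outer DER SEQUENCE.
function derDeclaredSize(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) {
    throw new Error('CA file is neither PEM nor a DER SEQUENCE');
  }
  if (buf[1] < 0x80) return 2 + buf[1];        // short-form length
  const n = buf[1] & 0x7f;                     // long form: n length bytes follow
  if (n === 0 || n > 4 || buf.length < 2 + n) {
    throw new Error('unsupported or truncated DER length');
  }
  let len = 0;
  for (let i = 0; i < n; i++) len = len * 256 + buf[2 + i];
  return 2 + n + len;
}

// Accept a CA certificate as PEM or DER bytes and return PEM text.
function caToPem(buf) {
  if (!Buffer.isBuffer(buf)) throw new TypeError('expected a Buffer');
  const text = buf.toString('latin1');
  if (text.includes(PEM_HEADER)) {
    if (!text.includes(PEM_FOOTER)) throw new Error('PEM file is truncated');
    return text.replace(/\r\n/g, '\n').trim() + '\n';
  }
  // Catches partial downloads and HTML error pages saved as ".crt".
  if (derDeclaredSize(buf) !== buf.length) {
    throw new Error('DER length does not match file size');
  }
  const body = buf.toString('base64').match(/.{1,64}/g).join('\n');
  return `${PEM_HEADER}\n${body}\n${PEM_FOOTER}\n`;
}

// ssl options for mysql/mysql2 createConnection, with verification left on.
function buildSslOptions(caBuf) {
  return { ca: caToPem(caBuf), rejectUnauthorized: true };
}

// Constructed sample: a 5-byte DER SEQUENCE, not a real certificate.
const SAMPLE_DER = Buffer.from([0x30, 0x03, 0x02, 0x01, 0x05]);
console.log(buildSslOptions(SAMPLE_DER).ca);
// In an application: buildSslOptions(fs.readFileSync('./BaltimoreCyberTrustRoot.crt'))
```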