I am trying to connect to Oracle RDS on AWS. It has the certificate rds-ca-2019, for which I have generated clientkeystore.jks, and using a connection wallet it is able to make the connection when I run it from an EC2 VM.

However when I run it from a docker container it does not work.

It throws an error:

```
SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]
```

To make it work, I referred to: https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/

Also javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

Docker content:

```dockerfile
FROM ubuntu:21.04

RUN apt-get update && apt-get install openjdk-8-jre -y

COPY myjar-with-dependencies.jar /usr/app/app.jar

RUN mkdir -p /myfile/wallet

COPY cwallet.sso /myfile/wallet/cwallet.sso

RUN mkdir -p /myfile/certificates/

COPY clientkeystore.jks /myfile/certificates/clientkeystore.jks

RUN mkdir -p /myfile/tns

COPY *.ora /myfile/tns/

RUN mkdir -p /myfile/security

COPY custom.java.security /myfile/security

CMD java -jar /usr/app/app.jar \
    -Doracle.net.tns_admin=/myfile/tns \
    -Doracle.net.wallet_location="(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/myfile/wallet)))" \
    -Doracle.net.ssl_server_dn_match=true \
    -Doracle.net.SSL_CIPHER_SUITES="(SSL_RSA_WITH_AES_256_CBC_SHA)" \
    -Doracle.net.SSL_CLIENT_AUTHENTICATION=false \
    -Djava.security.properties=/myfile/security/custom.java.security
```

Do you have suggestions to make it work?
ARINDAM BANERJEE
  • For `-Doracle.net.ssl_version1`, is this a typo? And this [link](https://blogs.oracle.com/developers/post/ssl-connection-to-oracle-db-using-jdbc-tlsv12-jks-or-oracle-wallets-122-and-lower) may help – samabcde Oct 06 '21 at 14:25
  • No it is not, actually this is what I have copied from the response SQL developer settings and put it in the launch command. Firstly it was running fine from SQL developer, then from ec2 and now I need to make it work from docker as well. – ARINDAM BANERJEE Oct 06 '21 at 14:40
  • Interesting, I can't find any document about `oracle.net.ssl_version1`, only `oracle.net.ssl_version` is found. – samabcde Oct 06 '21 at 14:46
  • Consider removing it, still the main problem persists. I can try running it from VM where it works well and let you know if it works without that parameter or not. – ARINDAM BANERJEE Oct 06 '21 at 15:12
  • Please also compare the Java version between Docker and the VM. I guess Docker has version 8u292 or newer and the VM is older than 8u292. – samabcde Oct 06 '21 at 15:32
  • I confirm that this argument has no impact during the execution of the jar, hence I have updated the question. The java version used in VM: openjdk version "1.8.0_232" OpenJDK Runtime Environment (build 1.8.0_232-b09) OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode) and in the docker: openjdk version "1.8.0_292" OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1-b10) OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode) – ARINDAM BANERJEE Oct 06 '21 at 19:42
  • So it matches what the document said; simply try installing the same openjdk version in docker as a workaround first. – samabcde Oct 07 '21 at 01:35
  • Might be related: https://stackoverflow.com/questions/67246010/the-server-selected-protocol-version-tls10-is-not-accepted-by-client-preferences – Bruno Medeiros Feb 07 '22 at 04:21
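
To compare the VM and the container as the comments suggest, this small diagnostic prints the Java version, the effective `jdk.tls.disabledAlgorithms` policy, and whether `java.security.properties` reached the JVM as a system property (options placed after the jar path are handed to the application as arguments instead). It is an added example, not part of the original question or comments; the class name `TlsPolicyReport` and the helper `isDisabled` are hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Added diagnostic (hypothetical name): reports the JVM's effective TLS policy. */
public class TlsPolicyReport {

    /** True when the protocol appears as a whole entry in a disabledAlgorithms list. */
    static boolean isDisabled(String disabledAlgorithms, String protocol) {
        if (disabledAlgorithms == null) {
            return false;
        }
        for (String entry : disabledAlgorithms.split(",")) {
            if (entry.trim().equalsIgnoreCase(protocol)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // null means the JVM never received -Djava.security.properties as an option.
        System.out.println("java.security.properties = "
                + System.getProperty("java.security.properties"));
        for (String arg : args) {
            if (arg.startsWith("-D")) {
                System.out.println("WARNING: '" + arg
                        + "' arrived as a program argument, not a JVM option");
            }
        }
        // Effective policy after java.security and any override file are merged.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);
        for (String protocol : new String[] {"TLSv1", "TLSv1.1"}) {
            System.out.println(protocol + " disabled by policy: "
                    + isDisabled(disabled, protocol));
        }
        // Protocols a default client socket will actually offer in the handshake.
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        System.out.println("client default protocols = "
                + Arrays.toString(defaults.getProtocols()));
    }
}
```

Run the compiled class in both environments with the same option order as the application's launch command and compare the two reports.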

0 Answers