RMySQL to MySQL database (on AWS) SSL connection error after deploying

I saw previous posts on similar issues. I whitelisted the shiny IPs on my AWS security group (as per https://docs.rstudio.com/shinyapps.io/applications.html#firewalls) and I'm still getting the below error:

Failed to connect to database: Error: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Previous apps I've deployed connected to the same AWS database without this SSL connection error. This app only started crashing after I redeployed.

Anyone have any ideas?

2 Likes

@mlwin I'm having the same exact problem. Have you solved this? Thanks!!

1 Like

I have exactly the same problem... After I deployed my application on Apr 1, 2021, it crashed. It worked fine until March 31, 2021.
No changes to the AWS database were made!

Failed to connect to database: Error: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Calls: local ... tryCatch -> tryCatchList -> tryCatchOne ->

Can anyone help me with this issue?

1 Like

I have the same problem with "RMySQL" and "pool"; other shinyapps without a database connection work fine.

The problem seems to be Ubuntu 20.

Deploys made March 31 and April 1:

Error in value[3L] :
Failed to connect to database: Error: SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Calls: local ... tryCatch -> tryCatchList -> tryCatchOne ->
Execution halted

1 Like

Hey all. After doing a lot of digging, it seems this is an old issue stemming from the MySQL version on the AWS server, with old versions forcing SSL verification (yaSSL forcing SSL vs. OpenSSL defaulting to server settings) -- I scheduled an update to the latest AWS Aurora version and it fixed the "unsupported protocol" error!

But now I'm getting:
error: SSL connection error: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

This is due to a security response to the "Logjam" hack, where now DH keys are set to a certain size -- if your connection does not have the same size key as the server, you get the error.

So I'm going to try and amend my .cnf config file to lower the security level:
CipherString = DEFAULT@SECLEVEL=1

I think OpenSSL defaults to level 1. Will let you know how it goes.
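
An added example, not part of the thread: a small Python check that reads an openssl.cnf and reports the two client-side settings behind the errors discussed above, `MinProtocol` (a server that only offers something older produces `unsupported protocol`) and the `@SECLEVEL` in `CipherString` (which sets the smallest DH group the client accepts, hence `dh key too small`). The config text is constructed sample data in the Debian-style layout; the section names are assumptions taken from that layout, and `ORPHAN` shows the case where the pasted `CipherString` line sits in a section nothing references and therefore has no effect.

```python
import re

# Minimum DH/RSA key size enforced at each OpenSSL security level
# (from the SSL_CTX_set_security_level documentation).
MIN_DH_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}

def parse_conf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}; '' is the unnamed top section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)           # value may itself contain '='
            sections[current][key.strip()] = value.strip()
    return sections

def system_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default; {} if the chain is broken."""
    sections = parse_conf(text)
    name = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
    return sections.get(name, {})

def summarize(text):
    """Return (MinProtocol, security level, min DH bits); None where the file sets nothing."""
    d = system_defaults(text)
    m = re.search(r"@SECLEVEL=(\d)", d.get("CipherString", ""))
    level = int(m.group(1)) if m else None
    return d.get("MinProtocol"), level, MIN_DH_BITS.get(level)

# Constructed sample configs (not taken from any real host).
STRICT = """
openssl_conf = default_conf   # must appear above the first [section]
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"""
RELAXED = STRICT.replace("SECLEVEL=2", "SECLEVEL=1")
ORPHAN = "[system_default_sect]\nCipherString = DEFAULT@SECLEVEL=1\n"

if __name__ == "__main__":
    for label, conf in (("strict", STRICT), ("relaxed", RELAXED), ("orphan", ORPHAN)):
        print(label, summarize(conf))
```

At level 1 the client accepts 1024-bit DH groups, so the longer-term fix is a server that offers a 2048-bit group or ECDHE rather than a lowered client level.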