0

MuleSoft version: 4.3.0 AWS-RTF EKS DB: AWS RDS (Aurora MySQL) 5.7

Able to connect to AWS DB from anypoint studio successfully, but unable to connect from RTF EKS Pod.

org.mule.runtime.api.connection.ConnectionException: Could not obtain connection from data source
Caused by: org.mule.db.commons.shaded.api.exception.connection.ConnectionCreationException: Could not obtain connection from data source
Caused by: org.mule.runtime.extension.api.exception.ModuleException: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure

The last packet successfully received from the server was 99 milliseconds ago. The last packet sent successfully to the server was 94 milliseconds ago.
Caused by: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure

I'm able to access the DB from EKS by creating a default pod with --image=mysql:5.7. But not from MuleSoft App.

Use cases tried:

 1. verifyServerCertificate=false&useSSL=true&requireSSL=true
 2. verifyServerCertificate=true&useSSL=true&requireSSL=true. (passing truststore in java arguments )

 -Djavax.net.ssl.trustStore=/opt/mule/apps/test-rds/mySqlKeyStore.jks 
 -Djavax.net.ssl.trustStoreType=JKS 
 -Djavax.net.ssl.trustStorePassword=xxxxxx
 (Generated jks file from .pem file using below commands)

openssl x509 -outform der -in us-west-2-bundle.pem -out us-west-2-bundle.der
keytool -import -alias mysql -keystore mySqlKeyStore -file us-west-2-bundle.der

What else am i missing here ? please help

Improve this question
3
  • Can you paste the output of rtfctl status to your question? Commented Dec 23, 2021 at 2:56
  • Where did you define those Java arguments in RTF exactly? Commented Dec 23, 2021 at 3:46
  • @aled on Runtime Manager app settings "jvm" tab Commented Dec 23, 2021 at 17:41

1 Answer 1

Reset to default
0

I'm able to resolve this .

By adding this jvm argument i came to know that its something related to ssl handshake. -M-Djavax.net.debug=ssl

It gave debug logs like this

javax.net.ssl|SEVERE|43|[MuleRuntime].uber.03: [test-rds].uber@org.mule.runtime.module.extension.internal.runtime.config.LifecycleAwareConfigurationInstance.testConnectivity:179 @3781e9a3|2021-12-23 09:55:53.715 PST|TransportContext.java:316|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
enter code here

After going through this question its clear that i need to pass enabledTLSProtocols=TLSv1.2

Why can Java not connect to MySQL 5.7 after the latest JDK update and how should it be fixed? (ssl.SSLHandshakeException: No appropriate protocol)

So here are the params that i passed in DB Config

<db:connection-properties >                 
                <db:connection-property key="verifyServerCertificate" value="false" />
                <db:connection-property key="useSSL" value="true" />
                <db:connection-property key="requireSSL" value="true" />
                <db:connection-property key="enabledTLSProtocols" value="TLSv1.2" />
            </db:connection-properties>
enter code here

Even after adding the enabledTLSProtocols flag ,if you are getting error make sure the DB Version is correct (I had issue with non-prod and prod)

Non-Prod: MySQL 5.7 worked fine

Prod: MySQL 5.6 didn't work even with enabledTLSProtocols. I had to update DB to 5.7 to make it work

Thank you , Hope it helps someone

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.