Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue while upgrading application from Stack2 to Stack3 #106

Open
Manu2516789 opened this issue Sep 27, 2022 · 2 comments
Open

Issue while upgrading application from Stack2 to Stack3 #106

Manu2516789 opened this issue Sep 27, 2022 · 2 comments

Comments

@Manu2516789
Copy link

Hi all,

We are trying to upgrade Java applications from Stack2 to Stack3 in our cloud foundry environment
The app uses buildpack version 4.16.1 in both stacks for now.
We have a user provided service connected to the app which is AWS MySQL RDS (5.7.mysql_aurora.2.09.2) version.

This app on stack2 works fine without issues while connected to the user provided service.
But when changing the app from stack2 to 3 with same buildpack gives the error as below while connecting to the RDS :

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2022-09-02T14:17:26.11+0200 [APP/PROC/WEB/0] OUT at sun.security.ssl.HandshakeContext.(HandshakeContext.java:171) ~[?:1.8.0_312]
2022-09-02T14:17:26.11+0200 [APP/PROC/WEB/0] OUT at sun.security.ssl.ClientHandshakeContext.(ClientHandshakeContext.java:103) ~[?:1.8.0_312

What changes are done for the same buildpack version but in different stacks which is causing this issue?

When I update the user provided service with the jdbc url with useSSL=false it works in stack 3.

What change can be done in the app and where so tht it can connect to the RDS in stack 3 over TLSv1.2?

We tried:  (-Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 -Ddeployment.security.TLSv1.2=true ) but without success.
Tried with some spring parameters(server.ssl.enabled-protocols=TLSv1.2, server.ssl.enabled=false, server.ssl.enabled=true) but did not work.

Please let us know what could be the cause and solution for the issue?

The sample app is spring-music which we are using now for testing and trial.
@Manu2516789
Copy link
Author

Hi all,
Is there any update on the above issue?

@dmikusa
Copy link
Member

dmikusa commented Oct 9, 2022

It's hard to say. I don't know what you mean by "stack2" and "stack3". Are you talking about cflinuxfs2 and cflinuxfs3? or something else?

Beyond that, it's difficult because the buildpack you're referencing is very old, no one is going to remember the details of that buildpack. I would recommend using a recent buildpack. Maybe configure it to use an older JVM, so your JVM doesn't change. You do want to try and minimize the number of changes, but at the same time trying to use a very old buildpack with a new CF stack might have its own issues and no one is going to have tested that combination.

Best of luck

@dmikusa dmikusa mentioned this issue Oct 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmikusa @Manu2516789