Issue while upgrading application from Stack2 to Stack3
Manu2516789 opened this issue · 2 comments
Hi all,
We are trying to upgrade Java applications from Stack2 to Stack3 in our cloud foundry environment
The app uses buildpack version 4.16.1 in both stacks for now.
We have a user provided service connected to the app which is AWS MySQL RDS (5.7.mysql_aurora.2.09.2) version.
This app on stack2 works fine without issues while connected to the user provided service.
But when changing the app from stack2 to 3 with same buildpack gives the error as below while connecting to the RDS :
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2022-09-02T14:17:26.11+0200 [APP/PROC/WEB/0] OUT at sun.security.ssl.HandshakeContext.(HandshakeContext.java:171) ~[?:1.8.0_312]
2022-09-02T14:17:26.11+0200 [APP/PROC/WEB/0] OUT at sun.security.ssl.ClientHandshakeContext.(ClientHandshakeContext.java:103) ~[?:1.8.0_312
What changes are done for the same buildpack version but in different stacks which is causing this issue?
When I update the user provided service with the jdbc url with useSSL=false it works in stack 3.
What change can be done in the app and where so tht it can connect to the RDS in stack 3 over TLSv1.2?
We tried: (-Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 -Ddeployment.security.TLSv1.2=true ) but without success.
Tried with some spring parameters(server.ssl.enabled-protocols=TLSv1.2, server.ssl.enabled=false, server.ssl.enabled=true) but did not work.
Please let us know what could be the cause and solution for the issue?
The sample app is spring-music which we are using now for testing and trial.
Hi all,
Is there any update on the above issue?
It's hard to say. I don't know what you mean by "stack2" and "stack3". Are you talking about cflinuxfs2
and cflinuxfs3
? or something else?
Beyond that, it's difficult because the buildpack you're referencing is very old, no one is going to remember the details of that buildpack. I would recommend using a recent buildpack. Maybe configure it to use an older JVM, so your JVM doesn't change. You do want to try and minimize the number of changes, but at the same time trying to use a very old buildpack with a new CF stack might have its own issues and no one is going to have tested that combination.
Best of luck