TCP SSL termination issue on Nginx - for JDBC client

siva.pannier nginx-forum at forum.nginx.org
Fri Jun 19 07:29:56 UTC 2020


Hi there,

I am exploring the features of Nginx and doing a POC with all the
possible use cases. If all goes well, there would probably be a huge
investment in Nginx to use it in our cloud-based architecture.

I am currently exploring an option for TCP SSL termination on Nginx for an SSL
connection from a Java JDBC client. I am facing issues; any guidance would
speed up my POC and help me complete it.

I'm using the open-source version of nginx on Windows 10.

Error.log:
###################
2020/06/19 11:51:51 [debug] 12568#16420: timer delta: 17
2020/06/19 11:51:51 [debug] 12568#16420: posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 delete posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL handshake handler: 0
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_do_handshake: -1
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_get_error: 5
2020/06/19 11:51:51 [info] 12568#16420: *1 peer closed connection in SSL handshake while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:51:51 [debug] 12568#16420: *1 finalize stream session: 500
2020/06/19 11:51:51 [debug] 12568#16420: *1 stream log handler
2020/06/19 11:51:51 [debug] 12568#16420: *1 close stream connection: 368
2020/06/19 11:51:51 [debug] 12568#16420: *1 event timer del: 368: 3409871779
2020/06/19 11:51:51 [debug] 12568#16420: *1 select del event fd:368 ev:768

Error from JDBC Client: 
###################
.....
.....
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
SQL State: 08006
IO Error: The Network Adapter could not establish the connection

Java code:
###################
....
....
		String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=1592))(CONNECT_DATA=(SERVICE_NAME=xe)))";

		String user = "sys as sysdba";
		String pwd = "1234";

		Properties props = new Properties();
		props.setProperty("url", url);
		props.setProperty("user", user);
		props.setProperty("password", pwd);
		props.setProperty("oracle.net.ssl_cipher_suites",
				"(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)");
.....
.....
		try (Connection conn = DriverManager.getConnection(url, props)) { // failing on this line of code
....
....

Nginx.conf:
###################

    upstream db_backend {
        server localhost:1521; # Local database server which is not SSL enabled.
    }

    server {
        listen        1592 ssl;
        listen        [::]:1592 ssl;
        proxy_pass    db_backend;

        ssl_certificate       C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key   C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/nginx-selfsigned.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout   4h;
        ssl_handshake_timeout 30s;
    }



Thanks,
Siva P

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288400,288400#msg-288400


