Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL configuration option enables SSL handshaking regardless of the configuration value #240

Closed
jasperfect opened this issue Dec 23, 2021 · 2 comments
Closed

SSL configuration option enables SSL handshaking regardless of the configuration value #240

jasperfect opened this issue Dec 23, 2021 · 2 comments
Assignees
@mp911de
Labels
type: bug Something isn't working
Milestone
0.8.8.RELEASE

Comments

@jasperfect
Copy link

Bug Report

Versions

  • Driver: 0.8.6-RELEASE
  • Database: MSSQL 2008R2
  • Java: 11
  • OS: Windows2008R2

Current Behavior

As long as the dependency "io.netty:netty-tcnative-boringssl-static:2.0.40.final" exists in class path, then R2DBC always tries to handshaking with MSSQL with SSLv3, then protocol not supported exception pops up.

Steps to reproduce

Input Code 
1. add "io.netty:netty-tcnative-boringssl-static:2.0.40.final" to deps
2. setup R2DBC like below
    @Bean
    fun connectionFactory(): ConnectionFactory = ConnectionFactories.get(
        ConnectionFactoryOptions.builder()
            .option(ConnectionFactoryOptions.DRIVER, "sqlserver")
            .option(ConnectionFactoryOptions.HOST, "localhost")
            .option(ConnectionFactoryOptions.PORT, "1433") 
            .option(ConnectionFactoryOptions.USER, "user")
            .option(ConnectionFactoryOptions.PASSWORD, "pwd")
            .option(ConnectionFactoryOptions.DATABASE, "foo")
            .option(ConnectionFactoryOptions.SSL, false)
            .option(Option.valueOf("sslTunnel"), false)
            .option(Option.valueOf("trustServerCertificate"), true)
            .build()
    )

Expected behavior/code

Set ConnectionFactoryOptions.SSL to false should disable SSL handshaking, even with dependency "io.netty:netty-tcnative-boringssl-static" exists in class path
@mp911de mp911de added the status: waiting-for-triage An issue we've not yet triaged label Jan 7, 2022
@mp911de mp911de self-assigned this Jan 7, 2022
@mp911de mp911de added type: bug Something isn't working and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 11, 2022
@mp911de
Copy link
Member

mp911de commented Jan 11, 2022

This is a bug in MssqlConnectionFactoryProvider. As soon as the SSL option is being configured, the driver enables SSL regardless of the configuration values. If you remove option(ConnectionFactoryOptions.SSL, false), then it will work.

We need to fix this.

@mp911de mp911de changed the title If "io.netty:netty-tcnative-boringssl-static" in class path, then SSL handshaking is always enabled SSL configuration option enables SSL handshaking regardless of the configuration value Jan 11, 2022
@mp911de mp911de added this to the 0.8.8.RELEASE milestone Jan 11, 2022
mp911de added a commit that referenced this issue Jan 11, 2022
@mp911de
Consider SSL configuration option value
137e8c6 
We now enable full SSL only when the SSL configuration option is set to true. Previously, SSL was enabled once the SSL option was present regardless of its value.

[fixes #240]

Signed-off-by: Mark Paluch <mpaluch@vmware.com>
@jasperfect
Copy link
Author

@mp911de Thanks a lot for the fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mp911de mp911de

Labels
type: bug Something isn't working
Projects
None yet
Milestone
0.8.8.RELEASE
Development

No branches or pull requests
2 participants
@mp911de @jasperfect