as the title says I'm facing the error:
WebSocket connection failure. Due to security constraints in your web
browser, the reason for the failure is not available to this Neo4j
Driver…​
My neo4j DB is running on a Ubuntu Linux machine:
Unbungu 20.04.04 LTS, Release 20.04
Neo4j Community Edition, Version 4.4.8
I can connect to the db via:
http://localhost:7474/browser/
but not under
https://localhost:7473/browser/ or bolt+s://localhost:7687
I already tried multiple "solutions" but none of them work.
Here is what I changed in my config.
dbms.default_listen_address=0.0.0.0
dbms.connectors.default_list_address=0.0.0.0
dbms.connector.bolt.enabled=true
dbms.connector.bolt.address=0.0.0.0:7687
dbms.connector.https.enabled=true
dbms.connector.https.listen_address=0.0.0.0:7473
I also generated SSL certificates:
Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE
Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=NONE
Any ideas?
*Edit: Typo
Related
I am using Ruby 2.3 and Rails 4.2. gem mysql 0.5.3 is installed. When I am trying to deploy the application to Azure Database for MySQL (restriction TLS1.2) and got the error "SSL verification failed" after configuration of database.yml. Then, I just tried to do single connection in command line with the guide https://learn.microsoft.com/en-us/azure/mysql/connect-ruby. The error is:
$ ruby createtable.rb
..........start to connect to database.
TLS version used does not meet minimal requirements for this server. Please use a higher TLS version and retry.
Done.
How do I fix this issue?
By the way, I installed MySQL Community Server 8.0.22 on Azure VM, which is for web server. Connecting to remove MySQL server using Workbench with SSL is working.
Thanks for your help!
Use this to setup the right SSL/TLS to your environment.
When I run any maven command with specified http and https proxy address and port as below:
mvn <command> -Dhttps.proxyHost=<MY.PROXY.HOST.ADDRESS> -Dhttps.proxyPort=<MY_PROXY_PORT> -Dhttp.proxyHost...
It's running without any error.
I want to set those configurations as default for my STS network connections and select the manual Active Provider (see attached screenshot for my configurations),
I think it's not related to the STS versions because I faced the same problem with 3.8 and 4.6 version. Anyway, Here is my STS version
Now, when I try the same maven command without proxy and port arguments, the maven command fails due to a network connection error.
[ERROR] unable to read java.net.ConnectException: Connection timed out
We're trying to upgrade to Phusion Passenger Enterprise edition from the open source version but we're running into an issue. Passenger fails to connect to the licensing server with the following error message:
[ W 2018-03-27 10:20:55.2565 35498/T6 age/Cor/CloudUsageTracker.h:439 ]: Could not contact the Phusion Passenger Enterprise licensing server (HTTP error: Failed to connect to www.phusionpassenger.com port 443: Connection timed out). To ensure proper access to the licensing server, please try these:
- Ensure that your network connection to https://www.phusionpassenger.com works.
- If you can only access https://www.phusionpassenger.com via a proxy, please set the config option 'PassengerCtl licensing_proxy PROXY_URL' (Apache) or 'passenger_ctl licensing_proxy PROXY_URL' (Nginx). 'PROXY_URL' takes the format of protocol://username:password#hostname:port, where 'protocol' is either 'http' or 'socks5'.
We need to use a proxy for all outgoing HTTP connections, so I have added the recommended config option:
passenger_ctl licensing_proxy http://OURPROXY:3128;
However the issue persist with the same error message.
Using curl to hit this URL through the proxy works as expected:
$ curl -x http://OURPROXY:3128 https://www.phusionpassenger.com
We are using nginx with Passenger on Ubuntu 14.04 LTS, Passenger Enterprise is installed from the official APT repository.
What could be causing this error? Any help would be much appreciated.
I have received an answer to this question from the Phusion Passenger support. They had accidentally misspelled the name of the relevant config option in the error message.
The correct way to set this option is:
passenger_ctl licensing_proxy_url http://OURPROXY:3128;
Related to this question, if you want Passenger to check for security updates behind a proxy, you will also need to set that separately:
passenger_security_update_check_proxy http://OURPROXY:3128;
WAS 8.5 full profile isn't officially supported on OSX by IBM so the only option to perform development from OSX is to install stub runtime and connect to WAS installed remotely. I'm trying to install such scenario but something done wrong and can't connect to my WAS.
There's my installation:
On OSX El Capitan Installed:
RAD 9.5 with WAS 8.5 stub runtime (WebSphere Application Server traditional V8.5 stub)
Installed Virtual Box with Ubuntu Desktop edition 14.04
Ubuntu's hostname: anatoly-ubuntu-vm and it's accessible from host, i.e. ping anatoly-ubuntu-vm works fine
On Ubuntu installed:
WAS 8.5 full profile at /opt/IBM/WebSphere
Created AppSrv01 profile at /opt/IBM/WebSphere/AppServer/profiles
WAS installed with root user, IBM Installation Manager required root permission when was started
My connection settings in RAD:
server name: WebSphere Application Server traditional V8.5 stub at anatoly-ubuntu-vm
hostname: anatoly-ubuntu-vm
Runtime environment: WebSphere Application Server traditional V8.5 stub
Connection type:
I've tried RMI 2809 and SOAP 8880 both options didn't work
Enable the server to start remotely is checked and Select the operating system running the remote server: checked Linux option with my username and password. I've tried my regular Ubuntu account and root, both option didn't work.
Server profile path defined as /opt/IBM/WebSphere/AppServer/profiles/AppSrv01
When I try to start server I get the following exception:
The following problems has occurred when starting the server.
CTGRI0001E The application could not establish a connection to
anatoly-ubuntu-vm .
What am I doing wrong?
UPDATE 1:
After I've written this post I've figured out that SSH server isn't installed and configured at all as described here: Requirements for using Remote Execution and Access (RXA) Now, I've installed and it seems like connecting but stuck at 23% at stage Preparing launch delegate, after a while it throw the following error:
The following problems has occurred when starting the server. The
server may not be started in the correct mode. You can restart the
server to desired mode if it is started. CTGRI0075E A file transfer to
or from the system named [anatoly-ubuntu-vm] timed out before the
transfer could complete. The current timeout interval is set to 240000
milliseconds, and might need to be increased.
UPDATE 2:
As I can see despite error message server is started and I even can connect to web console anatoly-ubuntu-vm:9060/console/ibm but it looks that not SOAP connection, neither RMI connection don't work. When I run Test Connection from Settings overview page in RAD, I get the following error:
The connection failed after trying to use all the available connection
types.
Verify the port values are correct and the server has been started. If
the security of the server is enabled, verify the "Security is enabled
on this server" check box is selected, and the user ID and password
are provided. You can specify this in the server editor or when
creating a new server.
For a Technote with details on the most common server connection
problem, see http://www.ibm.com/support/docview.wss?uid=swg21266028.
The last connection attempt failed with the following exception:
ADMC0016E: The system cannot create a SOAP connector to connect to
host anatoly-ubuntu-vm at port 8880.
UPDATE 3
As #DanielBarbarian guessed I tried to run ./wsadmin.sh -port 8880 and it worked and returned
Connected to process "server1" on node anatoly-ubuntu-vmNode01 using SOAP connector; The type of process is: UnManagedProcess`
This is settings of my ports:
UPDATE 4
When I trying to run telnet anatoly-ubuntu-vm 8880 from OSX host I get the following response (ip address changed to non real due to privacy issue):
anatoly-mac:~ anatoly$ telnet anatoly-ubuntu-vm 8880
Trying 192.168.10.10...
Connected to anatoly-ubuntu-vm
Escape character is '^]'.
HTTP/1.1 408 Request Timeout
Content-Type: text/html
Content-Length: 117
Connection: close
<HTML><TITLE>408 - Request Timeout</TITLE><BODY>
<h1>408 Connection timed out while reading request</h1></BODY>
</HTML>Connection closed by foreign host
Firefox v39 will no longer connect to my web application over HTTPS. I'm using Spring Boot with embedded Tomcat and I've made sure I'm using the latest version of Boot (v1.2.5). Firefox shows the following error message:
Secure Connection Failed
An error occurred during a connection to [website]. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
I understand this is to protect against a known vulnerability called Logjam. A solution for Tomcat is provided at weakdh.org.
Spring Boot passes SSL configuration to Tomcat via application.properties and as such I have added server.ssl.ciphers to my application.properties as follows:
server.port=443
server.ssl.key-store=/home/ec2-user/boot.p12
server.ssl.key-store-password=...
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=...
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA
After restarting boot, I notice the following in my log file:
WARN 2674 [main] --- o.a.t.util.net.jsse.JSSESocketFactory : None of the ciphers specified are supported by the SSL engine : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ...
Additionally, connecting using Firefox fails with the following message:
Secure Connection Failed
The connection to [website] was interrupted while the page was loading.
And I see the following in my log file:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Unfortunately I'm no encryption expert. Can anyone suggest how to fix this? Do I need to recreate my HTTPS certificate?
The solution was to upgrade server Java on the server from 1.7 to 1.8.
sudo yum remove java-1.7.0-openjdk
sudo yum install java-1.8.0
After this was complete, no other configuration was necessary. Not even modyfing Tomcat as per the advice at weakdh.org.