Connecting to Aura with Databricks

Aura customers using Databricks may encounter SSL handshake errors when connecting. You may see errors like this in your logs:

org.neo4j.driver.exceptions.SecurityException: Failed to establish secured connection with the server

This is caused due to a mismatch in allowed encryption ciphers between some versions of Databricks and Aura. The solution is to make a change to the allowed ciphers in your Databricks cluster:

1. Create a script called cluster_init_aura.sh with the following contents:

   #!/bin/sh
   
   PROPERTIES_FILE="/databricks/spark/dbconf/java/extra.security"
   DISABLED_ALGOS="SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL"
   
   echo "Configure Databricks java for Aura access"
   
   if [[ -f "${PROPERTIES_FILE}" ]]; then
       echo "setting jdk.tls.disabledAlgorithms..."
       echo "jdk.tls.disabledAlgorithms=${DISABLED_ALGOS}" | tee "${PROPERTIES_FILE}"
   else
       >&2 echo "ERROR failed to find ${PROPERTIES_FILE}"
   fi
   

2. Deploy to S3 or DBFS. We tested using the Data menu -> DBFS -> Upload. You should end up with a file path. In our testing it was dbfs:/FileStore/cluster_init_aura.sh.

3. Stop the cluster (if it's running) or create a new one (but don't start it yet).

4. On the "Init Scripts" screen under Advanced Configuration (might be hidden), add the path to the init script.

5. Start the cluster.

6. Once started, try connecting to Aura.