Articles in this section

See more

Connecting to Neo4j AuraDB with Apache Beam (GCP DataFlow)

Pierre Martignon
  • Updated
Follow

Neo4j Aura customers are likely to face some SSL handshake errors when connecting to AuraDB from Apache Beam (GCP Dataflow) when using the default Java settings.

org.neo4j.driver.exceptions.SecurityException: Failed to establish secured connection with the server 
       at org.neo4j.driver.internal.util.Futures.blockingGet(Futures.java:143) 
       at org.neo4j.driver.internal.util.Futures.blockingGet(Futures.java:113) 
       at org.neo4j.driver.internal.InternalDriver.verifyConnectivity(InternalDriver.java:159)
...
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
Because AuraDB supports only the safe TLS ciphers there are some issues based on encryption negotiation when using Java and as such you should check the versions of your JDK 8 or 11 to ensure best performance and support for the encryption.

To ensure the connection can meet the SSL handshake you will need to disable the weak security algorithms (SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL) on DataFlow.

To do this you need create a class to implement the JvmInitializer interface and annotate it with 
@AutoService(value = JvmInitializer.class)

The whole class might be something like this:
@AutoService(value = JvmInitializer.class)
public class DataFlowJvmStart implements JvmInitializer {
  @Override
  public void onStartup() {
    Security.setProperty(
        "jdk.tls.disabledAlgorithms",
        "SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL");
  }

  @Override
  public void beforeProcessing(PipelineOptions options) {}
}

Beam API picks up this code and will execute the onStartup() method when the DataFlow JVM starts.
This class needs to be included in the classpath of your Dataflow Beam application or indeed in the large jar file archive you'll likely build to run.
Tags: sslTags: tlsTags: dataflowTags: handshakeTags: beamTags: apache beamTags: handshake_failureTags: AuraDBTags: Neo4j AuraTags: Neo4j AuraDB

Related articles

Comments

0 comments

Please sign in to leave a comment.