I'm having trouble connecting to my Redshift cluster using SSL after upgrading to patch 187. We have a CNAME record set up in Route 53 pointing to the AWS endpoint, but now we can't connect using this shortened name. We've created a certificate via ACM that's validated with the correct hostname and configured Redshift to use it, but we're still encountering SSL errors. Just to clarify, connecting directly to the endpoint works fine without issues. I noticed the upgrade switched us from TLS 1.2 to TLS 1.3. Has anyone else experienced something similar?
2 Answers
What specific SSL error are you seeing? The switch from TLS 1.2 to 1.3 does change the available ciphers, which could potentially lead to compatibility issues if your client is using an older TLS library. Although, it would likely have to be really outdated. I didn't notice any TLS-related changes mentioned in the Redshift patch notes. Also, make sure that the shortened name is included in the certificate's name list.
I can confirm that we experienced a similar issue after the upgrade. We double-checked our cert against the DNS record, and everything matched up. The driver is also fully updated. When we looked into the connection logs, we noticed that while TLS 1.2 was being used successfully before the upgrade, now it shows TLS 1.3 connections. The actual error we received was "Connection Reset" without any further details, which is frustrating.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads