I've encountered a frustrating problem after upgrading to patch 187 for my Redshift cluster. We have a CNAME set up in Route 53 that points to the AWS endpoint for our Redshift cluster, but now we can't establish an SSL connection using that shortened name. We've created a certificate with ACM and verified that it's tied to the correct hostname, plus we've configured Redshift to use this certificate. Despite following all necessary steps, we keep running into SSL errors. However, connecting to the actual endpoint name works fine. It seems like it's switched from TLS 1.2 to TLS 1.3 after the upgrade. Has anyone else experienced a similar issue?
2 Answers
What specific SSL error are you encountering? Switching from TLS 1.2 to 1.3 could affect the ciphers your client is using. If your client has an outdated TLS library (like from a decade ago), that could cause issues, but most libraries are updated regularly and it shouldn’t be a problem. Also, is the shortened name included in the certificate’s name list?
Yeah, we did check the certificate and it actually matches the DNS record we created. The driver is up to date as well. Looking at the old connection logs, we saw successful connections using TLS 1.2, but now it’s showing TLS 1.3 when we connect to the endpoint name. The connection reset error is all we get—no extra details. It's pretty frustrating!
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads