Node-postgres: Not connecting to database in version 7.18.1 with ssl=true: unsupported frontend protocol

Created on 30 Jan 2020  路  5Comments  路  Source: brianc/node-postgres

Hi there,

After the new release, version 7.18.1, our production server failed to connect to the database throwing the following error:

error: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0
at Connection.parseE (/var/app/current/node_modules/pg/lib/connection.js:624:13)
at Connection.parseMessage (/var/app/current/node_modules/pg/lib/connection.js:423:19)
at TLSSocket. (/var/app/current/node_modules/pg/lib/connection.js:139:22)
at TLSSocket.emit (events.js:198:13)
at TLSSocket.EventEmitter.emit (domain.js:448:20)
at addChunk (_stream_readable.js:288:12)
at readableAddChunk (_stream_readable.js:269:11)
at TLSSocket.Readable.push (_stream_readable.js:224:10)
at TLSWrap.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)

DeprecationWarning: Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify rejectUnauthorized: true to require a valid CA or rejectUnauthorized: false to explicitly opt out of MITM protection.

I have a nodejs app with express that connects to a database in RDS on AWS. The connection to the database is done with the following url:

postgres://user:[email protected]:5432/database?ssl=true

If I remove the "ssl=true" part it works, but that would mean there connection is not secure, right?

If I go back to use the 7.17.x version my problem is fixed.

Should I add more paramenters to the database url? Or I am missing something else?

Thank you in advance!

picture afontainec

Most helpful comment

See https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION. If you want your certificate checked (sslmode=verify-full), add this to your pg configuration:

ssl: {
    rejectUnauthorized: true,
},

If you don鈥檛 (sslmode=require):

ssl: {
    rejectUnauthorized: false,
},

The full list of options is at https://nodejs.org/api/tls.html#tls_tls_connect_options_callback if you need to specify your own CA certificate or implement the equivalent of sslmode=verify-ca.

picture charmander on 30 Jan 2020
👍114

All 5 comments

Same issue here, I downgraded pg version to 7.17.7 as well to make it work again.

diegobordeu picture diegobordeu on 30 Jan 2020

Are you sure you鈥檙e using 7.18.1 and not 7.18.0? 7.18.1 was supposed to fix this bug (#2085).

charmander picture charmander on 30 Jan 2020

Sorry, your right the error is in 17.18.0. However in 17.18.1 it shows:

DeprecationWarning: Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify rejectUnauthorized: true to require a valid CA or rejectUnauthorized: false to explicitly opt out of MITM protection.

How should I address that issue?

afontainec picture afontainec on 30 Jan 2020

See https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION. If you want your certificate checked (sslmode=verify-full), add this to your pg configuration:

ssl: {
    rejectUnauthorized: true,
},

If you don鈥檛 (sslmode=require):

ssl: {
    rejectUnauthorized: false,
},

The full list of options is at https://nodejs.org/api/tls.html#tls_tls_connect_options_callback if you need to specify your own CA certificate or implement the equivalent of sslmode=verify-ca.

charmander picture charmander on 30 Jan 2020
👍114

for all of those that fall in here if you are using knex just specify the connection in the following way:

{
  connection: {
     connectionString: <psql connection string>,
     ssl: { rejectUnauthorized: false },
  }
}
rodrigomf24 picture rodrigomf24 on 28 May 2020
👍5 👎2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dipakdas99 picture dipakdas99  路  3Comments
tonylukasavage picture tonylukasavage  路  4Comments
wrod7 picture wrod7  路  4Comments
gpanainte picture gpanainte  路  3Comments
frmoded picture frmoded  路  3Comments