After upgrading my Lambda functions from Node 10.x to 12.x, I saw the following error in my logs:

Database error: SequelizeConnectionError: 139767860377472:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1929:

Clearly my Lambda function was having trouble negotiating a TLS connection to an RDS instance. Because this is an older MySQL RDS instance (version 5.6), the newer TLS versions (1.1+) are not supported.

Some Googling suggested to add the following CLI flag when starting Node:

--tls-min-v1.0

However, we don’t have control over the CLI flags in Lambda. Fortunately, Node has an environment variable we can use instead:

NODE_OPTIONS=--tls-min-v1.0

Add this as an environment variable and your TLS errors should go away.

Side note: upgrade that endpoint to use TLS 1.2+!

Matt Fuller

Founder of @CloudSploit , acquired by @AquaSecTeam . Former Infra / Security / Manager @Adobe , @Aviary & @Mozilla intern, @RITtigers grad, @NYC resident

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store