AWS Lambda Node 12.x with TLS 1.0

After upgrading my Lambda functions from Node 10.x to 12.x, I saw the following error in my logs:

Database error: SequelizeConnectionError: 139767860377472:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1929:

Clearly my Lambda function was having trouble negotiating a TLS connection to an RDS instance. Because this is an older MySQL RDS instance (version 5.6), the newer TLS versions (1.1+) are not supported.

Some Googling suggested to add the following CLI flag when starting Node:

--tls-min-v1.0

However, we don’t have control over the CLI flags in Lambda. Fortunately, Node has an environment variable we can use instead:

NODE_OPTIONS=--tls-min-v1.0

Add this as an environment variable and your TLS errors should go away.

Side note: upgrade that endpoint to use TLS 1.2+!

Founder of @CloudSploit , acquired by @AquaSecTeam . Former Infra / Security / Manager @Adobe , @Aviary & @Mozilla intern, @RITtigers grad, @NYC resident