AWS Lambda Node 12.x with TLS 1.0
After upgrading my Lambda functions from Node 10.x to 12.x, I saw the following error in my logs:
Database error: SequelizeConnectionError: 139767860377472:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1929:
Clearly my Lambda function was having trouble negotiating a TLS connection to an RDS instance. Because this is an older MySQL RDS instance (version 5.6), the newer TLS versions (1.1+) are not supported.
Some Googling suggested to add the following CLI flag when starting Node:
However, we don’t have control over the CLI flags in Lambda. Fortunately, Node has an environment variable we can use instead:
Add this as an environment variable and your TLS errors should go away.
Side note: upgrade that endpoint to use TLS 1.2+!