Node+RDS+Mysql+SSL Upgrade: Am I Impacted?

Jack Yeh
TeamZeroLabs
2 min read · Jan 26, 2020

Check your SSL version today

You have probably seen the warning letter AWS has been sending since last December. If you work in a sensitive environment (health IT, for example) and need to access the database securely, the connection to the database usually uses TLS/SSL, and database admins lock it down to require SSL connections.

Who doesn’t have to worry?

  • If your node-mysql2 package version is over 2.0.0, you already have the latest CA certs in there.
  • If you don’t need to use SSL connections. This is rarely the case for production databases and public connections: production databases should only be reachable from inside private networks, and SSL connections should be enforced.

How do I check?

  • ssh, docker exec -it <container> /bin/sh, or kubectl exec -it <pod> /bin/sh your way into the instance that hosts the code.
  • head /app/node_modules/mysql2/lib/constants/ssl_profiles.js
  • If you see the following, you are good:
'use strict';
// Certificate for Amazon RDS (Updated for 2019)
// https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
// https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.tls
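
The manual check above, wrapped in a POSIX sh function that applies it to every copy of mysql2 under an app directory. This is an added example, not code from the original post; the function name `scan_mysql2_rds_ca` and its output format are assumptions made here, and it goes beyond the page by also checking nested `node_modules` copies that a single `head` on the top-level path would miss.

```shell
#!/bin/sh
# Added example (not from the original post).
# scan_mysql2_rds_ca APP_DIR
#   Finds every installed copy of mysql2 under APP_DIR, including copies
#   nested inside other packages' node_modules, and looks for the
#   "Updated for 2019" header in each copy's ssl_profiles.js.
#   Prints one line per copy: "<OK|OUTDATED> <version> <package dir>"
#   Returns 0 if all copies are OK, 1 if any is OUTDATED, 2 if none found.
# Usage after sourcing this file: scan_mysql2_rds_ca /app
scan_mysql2_rds_ca() {
    app_dir=${1:-/app}   # /app is the path used on this page
    rc=2
    list=$(find "$app_dir" -type f \
        -path '*/node_modules/mysql2/lib/constants/ssl_profiles.js' 2>/dev/null)

    # Read the list from a here-document so the loop runs in this shell
    # and the rc variable survives it.
    while IFS= read -r profiles; do
        [ -n "$profiles" ] || continue
        pkg_dir=${profiles%/lib/constants/ssl_profiles.js}

        # Installed version, read from the package's own package.json.
        version=$(sed -n \
            's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
            "$pkg_dir/package.json" 2>/dev/null | head -n 1)

        # Same check as the manual step: the 2019 marker in the file header.
        if head "$profiles" | grep -q 'Updated for 2019'; then
            status=OK
            [ "$rc" -eq 1 ] || rc=0
        else
            status=OUTDATED
            rc=1
        fi
        echo "$status ${version:-unknown} $pkg_dir"
    done <<EOF
$list
EOF
    return "$rc"
}
```

A non-zero return makes the function usable as a gate in a container build or a deploy check.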
