A few days ago at work, I was investigating a strange issue where one
of our services could not connect to the Azure Managed PostgreSQL
Database from the Kubernetes cluster. Oddly enough, other services of
that cluster did not exhibit this behavior.
org.postgresql.util.PSQLException: The connection attempt failed.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:315) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:51) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:225) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.Driver.makeConnection(Driver.java:465) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.Driver.connect(Driver.java:264) ~[postgresql-42.2.16.jar!/:42.2.16]
...
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[ehg-hermes.jar:0.13.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:107) ~[ehg-hermes.jar:0.13.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[ehg-hermes.jar:0.13.0-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[ehg-hermes.jar:0.13.0-SNAPSHOT]
Caused by: java.io.EOFException: null
at org.postgresql.core.PGStream.receiveChar(PGStream.java:443) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.core.v3.ConnectionFactoryImpl.enableGSSEncrypted(ConnectionFactoryImpl.java:436) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:144) ~[postgresql-42.2.16.jar!/:42.2.16]
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:213) ~[postgresql-42.2.16.jar!/:42.2.16]
... 46 common frames omitted
As it turns out, it was an issue with the PSQL JDBC driver version
that comes bundled with Spring Boot version 2.3.4-RELEASE. All the
other services were still built with a slightly older release and
therefore used an older PSQL JDBC driver.
The key indicator of what is going on is this method call.
org.postgresql.core.v3.ConnectionFactoryImpl.enableGSSEncrypted
A bit of research led me to a question on StackOverflow that pointed
me in the right direction, and ultimately I ended up on Microsoft’s
Azure documentation. If you scroll down, you will find a
section named "GSS error".
The solution to this problem is simple. If you do not want or cannot
change the Spring Boot or PSQL JDBC driver version, e.g., because of
automated CVE scans that break builds (the reason we upgraded this
one service), then you can solve it with a configuration change.
Append gssEncMode=disable
to the JDBC connection string.
Example: jdbc:postgresql://svc-pdb-name.postgres.database.azure.com:5432/databasename?gssEncMode=disable