BOLT TLS #8

Open
tim-hanssen opened this issue Nov 10, 2020 · 3 comments
Labels
bug Something isn't working

Comments

@tim-hanssen

Hi all,

I'm trying to set up a BOLT connection to a Neo4j 4.1.4 server using BOLT TLS encryption on REQUIRED.

        $config = \PTS\Bolt\Configuration::newInstance()
            ->withCredentials(config('neo4j.master.username'), config('neo4j.master.password'))
            ->withTLSMode(\PTS\Bolt\Configuration::TLSMODE_REQUIRED);

        $listener = new EventListener();

        $this->clientWriter = Neo4jClientBuilder::create()
            ->addConnection('default', 'bolt://'.config('neo4j.master.username').':'.config('neo4j.master.password').'@'.config('neo4j.master.host').':'.config('neo4j.master.port'), $config)
            ->setDefaultTimeout(10)
            ->setMaster('default')
            ->registerEventListener(Neo4jClientEvents::NEO4J_PRE_RUN, [$listener, 'onPreRunWrite'])
            ->build();

        return $this->clientWriter;

The Neo4j logs are reporting an unencrypted connection. Any suggestions?

@matas-valuzis

Looks like TLS mode is not working even on older versions of Neo4j. Not sure if it ever worked but I'll investigate some more. If you know how to fix it, feel free to submit a PR with some tests.

@matas-valuzis added the bug label Nov 11, 2020
@tim-hanssen

Hey @matas-valuzis, I would think we somehow also should need to include a certificate. I'm going to try to test some things too.

@matas-valuzis

@tim-hanssen Did you manage to set up a testing environment? I'm having issues launching Neo4j with TLS mode. I have created a self-signed certificate and set dbms.ssl.policy.bolt.enabled=true, and it looks like Neo4j is reading the certificate file because it fails to start if it can't read the file due to permissions. I'm testing the SSL connection with the openssl command: openssl s_client -connect localhost:7687 and it looks like Neo4j is still operating in non-TLS mode. Do you have a working setup? (preferably docker)

@matas-valuzis mentioned this issue Nov 25, 2020
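The port check from the last comment, extended into a script (an added example, not part of the thread or the project's code): it sends a cleartext Bolt handshake and then attempts a TLS handshake on the same port, which separates "TLS is not offered" from "cleartext is still accepted". The function names and the localhost:7687 defaults are assumptions.

```python
import socket
import ssl
import struct

BOLT_MAGIC = bytes.fromhex("6060b017")  # preamble that opens every Bolt connection

def build_handshake(versions=((4, 1), (4, 0), (3, 0))):
    """Preamble plus four 4-byte version proposals, unused slots zeroed."""
    slots = [struct.pack(">BBBB", 0, 0, minor, major) for major, minor in versions]
    slots += [b"\x00" * 4] * (4 - len(slots))
    return BOLT_MAGIC + b"".join(slots[:4])

def parse_reply(reply):
    """(major, minor) if the peer answered in cleartext Bolt, else None."""
    if len(reply) != 4 or reply[:2] != b"\x00\x00":
        return None  # e.g. a TLS alert record (starts with 0x15) or a closed socket
    return reply[3], reply[2]  # (0, 0): Bolt spoken, no proposed version accepted

def cleartext_bolt_version(sock):
    """Send an unencrypted handshake on a connected socket, read the 4-byte answer."""
    reply = b""
    try:
        sock.sendall(build_handshake())
        while len(reply) < 4:
            chunk = sock.recv(4 - len(reply))
            if not chunk:
                break
            reply += chunk
    except OSError:  # timeout or reset: the server refused cleartext
        pass
    return parse_reply(reply)

def tls_offered(host, port, timeout=5.0):
    """True if the port completes a TLS handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probe only: the test server is self-signed
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return False

def probe(host="localhost", port=7687):
    """With TLS REQUIRED and working, expect cleartext_bolt None and tls True."""
    with socket.create_connection((host, port), timeout=5.0) as s:
        cleartext = cleartext_bolt_version(s)
    return {"cleartext_bolt": cleartext, "tls": tls_offered(host, port)}
```

Call `probe()` against the test instance; a result such as `{"cleartext_bolt": (4, 1), "tls": False}` means the server is still answering unencrypted Bolt, which matches what the thread reports.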