Application deployed in Azure Kubernetes Service (AKS) hits "Certificates do not conform to algorithm constraints" when trying to connect to Azure Database for PostgreSQL

Chee Kong Hong 0 Reputation points
2024-07-26T14:02:15.1033333+00:00

Lately I received the news below:

User's image

When I try to start my pod in AKS, it hits the error below when trying to connect to Azure Database for PostgreSQL – Flexible Server:

User's image

Are there any ideas or ways to fix this problem?


1 answer

  1. Amira Bedhiafi 20,336 Reputation points
    2024-07-27T16:11:14.6166667+00:00

    If you are using Java, you can adjust the security settings to allow the necessary algorithms. You can do this by modifying the java.security file typically located in the lib/security directory of your Java installation. Add or modify the lines to include the necessary algorithms.

    
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048

    If the problem persists, you can create a custom trust store that includes the necessary certificates and configure your application to use it. This can be done by setting the appropriate JVM options:

    
    -Djavax.net.ssl.trustStore=/path/to/truststore.jks
    -Djavax.net.ssl.trustStorePassword=yourTrustStorePassword

    You can set environment variables for the pod to specify the use of the updated trust store or to relax certain constraints temporarily (not recommended for production).

    Here is an example of how you might update your deployment.yaml for the AKS pod to include environment variables:

    
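    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: myapp
      template:
        metadata:
          labels:
            app: myapp
        spec:
          containers:
          - name: myapp-container
            image: myapp:latest
            env:
            # JAVA_OPTS only takes effect if the image's start script passes it to the java command.
            # The trust store file must exist at this path inside the container (for example, mounted from a Secret).
            - name: JAVA_OPTS
              value: "-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStorePassword=yourTrustStorePassword"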

    More links:

    https://learn.microsoft.com/en-us/answers/questions/1199915/certificates-do-not-conform-to-algorithm

    https://stackoverflow.com/questions/75697268/keycloak-on-azure-to-postgresql-certificates-do-not-conform-to-algorithm-constr

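Added example, not part of the original answer or of any Microsoft or JDK code: a simplified Python model of how `disabledAlgorithms` entries such as the one quoted in the answer are matched against a certificate's signature algorithm and public key, useful for working out which certificate in a chain triggers "Certificates do not conform to algorithm constraints". It assumes only plain names and `keySize` constraints (entries with `jdkCA`, `denyAfter` or `usage` are skipped), and the certificate dictionaries with their field names are constructed for illustration.

```python
import operator
import re

OPS = {"<=": operator.le, "<": operator.lt, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
KEYSIZE = re.compile(r"keySize\s*(<=|<|==|!=|>=|>)\s*(\d+)")
PAGE_VALUE = "SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048"  # from the answer

def parse_disabled(value):
    """Return (name, constraints) rules: [] for a plain name, [(op, bits)] for
    keySize, None for constraints not modelled (jdkCA, denyAfter, usage)."""
    rules = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        name, _, tail = entry.partition(" ")
        matches = [KEYSIZE.fullmatch(p.strip()) for p in tail.split("&") if p.strip()]
        sizes = [(m.group(1), int(m.group(2))) for m in matches if m]
        rules.append((name.lower(), sizes if all(matches) else None))
    return rules

def sub_elements(algorithm):
    """SHA1withRSA -> {'sha1withrsa', 'sha1', 'rsa'}; DSA never matches ECDSA."""
    parts = re.split(r"with|and|/", algorithm.lower())
    return {algorithm.lower(), *filter(None, parts)}

def violations(cert, rules):
    """List the reasons one certificate conflicts with the parsed rules."""
    key_alg = cert["key_alg"].lower()
    names = sub_elements(cert["sig_alg"]) | {key_alg}
    found = []
    for name, sizes in rules:
        if sizes is None:
            continue  # unmodelled constraint: review these entries by hand
        if not sizes and name in names:
            found.append(f"{name} is disabled")
        elif sizes and name == key_alg and all(
                OPS[op](cert["key_bits"], bits) for op, bits in sizes):
            found.append(f"{name} key of {cert['key_bits']} bits is disabled")
    return found

if __name__ == "__main__":
    # Constructed chain; read the real values from the server's certificates.
    chain = [
        {"subject": "leaf", "sig_alg": "SHA256withRSA", "key_alg": "RSA", "key_bits": 2048},
        {"subject": "old-ca", "sig_alg": "MD5withRSA", "key_alg": "RSA", "key_bits": 1024},
    ]
    for cert in chain:
        print(cert["subject"], violations(cert, parse_disabled(PAGE_VALUE)) or "ok")
```

Feed it the value of `jdk.certpath.disabledAlgorithms` as well as `jdk.tls.disabledAlgorithms` from the `java.security` file in the container image, since both properties use this entry syntax.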