GoogleCloudPlatform
failed to connect to instance: Dial error: handshake failed... tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
Facing this error with a cloud sql auth proxy connection. The set up is like this -
- Cloud SQL Auth proxy is running on a VM in a VPC which is connected to CloudSQL instance via peering (PSA)
- Cloud SQL has only private IP
- Tested with both SSL enabled and disabled. Same error.
- Command used to start the proxy - ./cloud-sql-proxy --address 0.0.0.0 --port 5498 projectname:region:instancename --private-ip
Error seen in proxy logs - failed to connect to instance: Dial error: handshake failed (connection name ="projectname:region:instancename ") tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
Hi there @rkja22, Would you mind sharing which version of the proxy are you using? Also, do you have any of these features enabled on your cloud sql instance: Custom Certificate Authority, Custom Subject Alternative Names, MySQL 8.4, or Managed Read Pool?
Cloud SQL Proxy Version - 2.14.3+linux.amd64 do you have any of these features enabled on your cloud sql instance: Custom Certificate Authority, Custom Subject Alternative Names, MySQL 8.4, or Managed Read Pool? -- None. Its a Postgres 16, CloudSQL enterprise instance
@rkja22 ,
Thanks for the answers. That helps narrow down what might be wrong.
Here are a few things you can try:
- Rotate server TLS certificates on your postgres instance
- Upgrade to the latest version of the proxy: https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases/tag/v2.18.0
Let us know if that worked.
Hi,
Closing this issue for now, please feel free to reopen it with any queries you might have.
