ssl connect: Invalid TLS option: {server_name_indication:...

July 8, 2023

Following this guide from neon.tech on setting up Ecto with Neon I ran into this error:

09:11:48.565 [error] Postgrex.Protocol (#PID<0.435.0>) failed to connect: ** (DBConnection.ConnectionError) ssl connect: Invalid TLS option: {server_name_indication,
                        <<"[my neon db host].us-east-2.aws.neon.tech">>} - {:options, {:server_name_indication, "[my neon db host].us-east-2.aws.neon.tech"}}

This was after using their recommended Ecto configuration:

config :friends, Friends.Repo,
  database: "friends",
  username: "<user>",
  password: "<password>",
  hostname: "ep-billowing-sun-767748.us-west-2.aws.neon.tech",
  ssl: true,
  ssl_opts: [
    server_name_indication: 'ep-billowing-sun-767748.us-west-2.aws.neon.tech',
    verify: :verify_none
  ]

Solution

server_name_indication is a char list, not a string! The single quotes are important! I had been passing in a string from an environment variable like this:

config :danos, Danos.Repo,
  ssl: true,
  ssl_opts: [
    server_name_indication: System.get_env("DATABASE_HOST"),
    verify: :verify_none
  ],

To make it a char list:

config :danos, Danos.Repo,
  ssl: true,
  ssl_opts: [
    server_name_indication: to_char_list(System.get_env("DATABASE_HOST")),
    verify: :verify_none
  ],

And voila, it works!