0

I have been connecting .Net Core code from within a Docker container to a Neo4j DB. I tried using Neo4jClient first but ran into issues with the http connection out of the docker container. I then tried the Neo4j.Driver directly with the bolt connection using host.docker.internal to alias localhost. This worked fine. I swapped back to Neo4jClient with bolt (again from within Docker) but its failing with. Thanks for any help.

Neo4j.Driver.V1.ServiceUnavailableException
  HResult=0x80131500
  Message=Connection with the server breaks due to SecurityException: Failed to establish encrypted connection with server bolt://host.docker.internal:7687/.
  Source=Neo4j.Driver

Update: Following Chris Skardon's help below. I switched on ssl for bolt as per section Example 11.2. Enable Bolt SSL. As per instructions here at Neo4j

The code below using Neo4j.Driver directly works and updates the DB with 12 organisations. Its running from within a .Net Core Docker container and using host.docker.internal. I would have expected this not to work without the Encryption config. But it does.

IDriver driver = GraphDatabase.Driver("bolt://host.docker.internal:7687", AuthTokens.Basic("neo4j", "xxxxx"));
IAsyncSession session = driver.AsyncSession(o => o.WithDatabase("neo4j"));

This code using Neo4jClient doesn’t work. I was originally running it within a docker container as above and thought that might be it. But still have a problem with no container

IDriver driver = GraphDatabase.Driver("bolt://localhost:7687", AuthTokens.Basic("neo4j", "xxxxx"), Config.Builder.WithEncryptionLevel(EncryptionLevel.Encrypted).ToConfig());
            var client = new BoltGraphClient(driver);

The exceptions are:

  1. Connection with the server breaks due to SecurityException: Failed to establish encrypted connection with server bolt://localhost:7687/.'
  2. IOException: Authentication failed because the remote party has closed the transport stream.

Nothing appears in the Neo4j logs. I don't have any specific code in the .Net Core API code for supporting SSL and googling the 2nd exception comes back with a lots of incorrect TLS results. So am exploring that.

TimH
  • 83
  • 1
  • 9
  • What versions of the client/driver are you using? And what version of the DB? – Charlotte Skardon Apr 06 '20 at 14:54
  • Apologies should have provided. -- Neo4j 4.0.3 -- Neo4jClient 3.1.0.6 -- Docker Engine 19.03.8 -- .Net Core 3.1.101 – TimH Apr 06 '20 at 18:35
  • I'm not at a computer at the moment, but can you try turning on encryption on the client and give it a whirl, I'm not sure of the syntax offhand, I'll put it properly when I get to – Charlotte Skardon Apr 06 '20 at 18:58

1 Answers1

4

The 4.x versions of Neo4j require Encryption to be set, Neo4jClient doesn't actually provide an easy way to do this, so you'd need to pass in an IDriver instance, like so:

var driver = GraphDatabase.Driver("bolt://localhost:7687", AuthTokens.Basic("neo4j", "neo"), Config.Builder.WithEncryptionLevel(EncryptionLevel.None).ToConfig());
var client = new BoltGraphClient(driver);

EDIT

I've been testing this - and the problem is actually the opposite - you need to turn the encrpytion level to 'None' - unless you actually have an SSL cert setup

Charlotte Skardon
  • 6,220
  • 2
  • 31
  • 42
  • After a lot of googling, this was finally what worked. Even Neo4J's sample hello world application didn't work for local neo4j instance – Arun May 28 '20 at 10:21