Neo4j version: 4.2.6
I have a problem using cypher shell after making changes to neo4j.conf:
dbms.default_listen_address=0.0.0.0
dbms.default_advertised_address=abc.com
dbms.connector.bolt.tls_level=REQUIRED
dbms.connector.http.enabled=false
dbms.connector.https.enabled=true
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=NONE
Using a browser, abc.com:7473 works fine and abc.com:7687 returns "not a WebSocket handshake request: missing upgrade".
# expected error when I call without stating address
$ ./cypher-shell
Connection to the database terminated. Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0.
# I tried the following, but they gave the same error
$ ./cypher-shell -a abc.com:7687
$ ./cypher-shell -a neo4j://abc.com:7687
$ ./cypher-shell -a neo4j+s://abc.com:7687
$ ./cypher-shell -a bolt://abc.com:7687
$ ./cypher-shell -a bolt+s://abc.com:7687
This problem goes away if I set dbms.connector.bolt.tls_level=OPTIONAL. Can I understand how I can fix this?
Also, I would like to hear your opinion on dbms.default_listen_address=0.0.0.0. To make it more secure, I should change 0.0.0.0 to a specific IP, right?
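
An added example, not part of the original post: a small audit of the connector and TLS settings quoted above. It lists which Neo4j 4.x URI schemes the Bolt connector accepts for a given tls_level and flags a wildcard listen address. The function names and SAMPLE_CONF are constructed for illustration. Note that the +s schemes verify the certificate chain and hostname, while the +ssc schemes accept a self-signed certificate.

```python
import ipaddress

# Constructed sample: connector/TLS lines taken from the neo4j.conf in the post
SAMPLE_CONF = """\
dbms.default_listen_address=0.0.0.0
dbms.default_advertised_address=abc.com
dbms.connector.bolt.tls_level=REQUIRED
dbms.connector.http.enabled=false
dbms.connector.https.enabled=true
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.client_auth=NONE
"""

# Neo4j 4.x driver URI schemes: unencrypted, and TLS (+s verified, +ssc self-signed)
PLAIN = ["bolt", "neo4j"]
TLS = ["bolt+s", "neo4j+s", "bolt+ssc", "neo4j+ssc"]

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments; last value wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def usable_schemes(settings):
    """URI schemes the Bolt connector accepts for the configured tls_level."""
    level = settings.get("dbms.connector.bolt.tls_level", "DISABLED").upper()
    return {"REQUIRED": TLS, "OPTIONAL": PLAIN + TLS, "DISABLED": PLAIN}.get(level, [])

def audit(settings):
    """Return findings about encryption and network exposure."""
    findings = []
    level = settings.get("dbms.connector.bolt.tls_level", "DISABLED").upper()
    policy_on = settings.get("dbms.ssl.policy.bolt.enabled", "false").lower() == "true"
    if level != "DISABLED" and not policy_on:
        findings.append("bolt tls_level=%s but dbms.ssl.policy.bolt is not enabled" % level)
    if level == "OPTIONAL":
        findings.append("tls_level=OPTIONAL still accepts unencrypted Bolt connections")
    if settings.get("dbms.connector.http.enabled", "true").lower() == "true":
        findings.append("plain HTTP connector is enabled")
    addr = settings.get("dbms.default_listen_address", "localhost")
    try:
        if ipaddress.ip_address(addr).is_unspecified:
            findings.append("default_listen_address=%s binds every interface" % addr)
    except ValueError:
        pass  # a hostname such as localhost, not an IP literal
    return findings
```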