Unable to connect from .Net app using Neo4j .Net Driver

Hi!

I have a .Net Forms app which I use for data entry/housekeeping of objects in a neo4j database. I recently added an in-house generated certificate and key to the neo4j server and it works perfectly when I access the neo4j database using a browser. The traffic is encrypted using my certificate just as advertised. However, when I try to connect my application it throws the following exception upon connecting:

Neo4j.Driver.ServiceUnavailableException: 'Connection with the server breaks due to IOException:
Unexpected end of stream when performing handshake, read only returned 0 bytes but expected
4 bytes. Please ensure that your database is listening on the correct host and port and that you
have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0.'

IOException: Unexpected end of stream when performing handshake, read only returned 0
bytes but expected 4 bytes.

I start my neo4j server in a Docker Compose stack and both 7473 and 7687 are exposed to the host. Furthermore my fw is open for my subnet (x.y.0.0/16) on those ports.

These are my env variables:

 - NEO4J_server_bolt_enabled=true
 - NEO4J_server_bolt_tls__level=REQUIRED
 - NEO4J_server_http_enabled=false
 - NEO4J_server_https_enabled=true
 - NEO4J_dbms_security_auth__enabled=true
 - NEO4J_dbms_ssl_policy_bolt_enabled=true
 - NEO4J_dbms_ssl_policy_bolt_client__auth=NONE
 - NEO4J_dbms_ssl_policy_bolt_base__directory=/certs
 - NEO4J_dbms_ssl_policy_bolt_private__key=<key>
 - NEO4J_dbms_ssl_policy_bolt_public__certificate=<cert>
 - NEO4J_dbms_ssl_policy_bolt_verify__hostname=false
 - NEO4J_dbms_ssl_policy_bolt_trust__all=true
 - NEO4J_dbms_ssl_policy_https_enabled=true
 - NEO4J_dbms_ssl_policy_https_client__auth=OPTIONAL
 - NEO4J_dbms_ssl_policy_https_base__directory=/certs
 - NEO4J_dbms_ssl_policy_https_private__key=<key>
 - NEO4J_dbms_ssl_policy_https_public__certificate=<cert>
 - NEO4J_dbms_ssl_policy_https_verify__hostname=false
 - NEO4J_dbms_ssl_policy_https_trust__all=true
 - NEO4J_dbms_security_allow__csv__import__from__file__urls=true
 - NEO4J_initial_dbms_default__database=cbrn
 - apoc.export.file.enabled=true
 - apoc.import.file.enabled=true
 - apoc.import.file.use__neo4j__config=true
 - NEO4J_PLUGINS=\[\"apoc\"\]

This is what my neo4j logs during startup:

2023-11-01 12:13:35.217+0000 INFO Logging config in use: Embedded default config 'default-user-logs.xml'
2023-11-01 12:13:35.223+0000 INFO Starting...
2023-11-01 12:13:36.012+0000 INFO This instance is ServerId{09bf3977} (09bf3977-9b81-4572-9b57-9ef5ba449c0e)
2023-11-01 12:13:36.726+0000 INFO ======== Neo4j 5.12.0 ========
2023-11-01 12:13:38.126+0000 INFO Bolt enabled on 0.0.0.0:7687.
2023-11-01 12:13:38.749+0000 INFO HTTPS enabled on 0.0.0.0:7473.
2023-11-01 12:13:38.750+0000 INFO Remote interface available at https://localhost:7473/
2023-11-01 12:13:38.752+0000 INFO id: xxxxxxxx
2023-11-01 12:13:38.753+0000 INFO name: system
2023-11-01 12:13:38.753+0000 INFO creationDate: 2023-10-19T07:18:05.188Z
2023-11-01 12:13:38.753+0000 INFO Started.

What have I missed here?

Hello,
If it is working in the browser, then it is likely your server is configured correctly.
The config of your driver may be wrong.
What scheme and config are you using when configuring your driver?
Additional URI schemes - Upgrade and Migration Guide.

Geeeee... that's it! A simple bolt+ssc://...:7687 did the trick!

Many, many thanks for pointing this out :)