{
  "id": "cloud/gcp-cloud-sql-connection-timeout-ssl",
  "signature": "Error: SQL Server connection timeout after 30 seconds using Cloud SQL Proxy with SSL",
  "signature_zh": "错误：使用 Cloud SQL Proxy 和 SSL 时，SQL Server 连接在 30 秒后超时",
  "regex": "Error: SQL Server connection timeout after 30 seconds using Cloud SQL Proxy with SSL",
  "domain": "cloud",
  "category": "network_error",
  "subcategory": null,
  "root_cause": "Cloud SQL Proxy with SSL enabled can cause connection timeouts when the proxy's SSL handshake is misconfigured or the instance's SSL certificate is not properly trusted, leading to a 30-second default connection timeout.",
  "root_cause_type": "generic",
  "root_cause_zh": "当 Cloud SQL Proxy 启用了 SSL 但 SSL 握手配置错误或实例的 SSL 证书未正确信任时，会导致连接超时，默认超时时间为 30 秒。",
  "versions": [
    {
      "version": "Cloud SQL Proxy 2.8.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Cloud SQL for SQL Server 2022",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "gcloud CLI 450.0.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "The timeout is a symptom, not the root cause; the SSL handshake still fails.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "SSL is often required by compliance; disabling it is not a viable fix.",
      "fail_rate": 0.5,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Update the Cloud SQL Proxy to the latest version (e.g., 2.9.0+) and ensure the SSL certificate chain is correctly configured: download the server CA certificate from the GCP Console and pass it via --ssl-ca-path.",
      "success_rate": 0.85,
      "how": "Update the Cloud SQL Proxy to the latest version (e.g., 2.9.0+) and ensure the SSL certificate chain is correctly configured: download the server CA certificate from the GCP Console and pass it via --ssl-ca-path.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use the Cloud SQL Auth Proxy with the --auto-iam-authn flag to bypass SSL certificate issues when IAM authentication is enabled.",
      "success_rate": 0.75,
      "how": "Use the Cloud SQL Auth Proxy with the --auto-iam-authn flag to bypass SSL certificate issues when IAM authentication is enabled.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Example command: cloud-sql-proxy --ssl-ca-path=/path/to/server-ca.pem INSTANCE_CONNECTION_NAME",
      "success_rate": 0.8,
      "how": "Example command: cloud-sql-proxy --ssl-ca-path=/path/to/server-ca.pem INSTANCE_CONNECTION_NAME",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "将 Cloud SQL Proxy 更新到最新版本（例如 2.9.0+），并确保 SSL 证书链配置正确：从 GCP 控制台下载服务器 CA 证书，并通过 --ssl-ca-path 参数传递。",
    "使用 Cloud SQL Auth Proxy 的 --auto-iam-authn 标志，在启用了 IAM 认证时绕过 SSL 证书问题。",
    "示例命令：cloud-sql-proxy --ssl-ca-path=/path/to/server-ca.pem INSTANCE_CONNECTION_NAME"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://cloud.google.com/sql/docs/sqlserver/connect-connector",
  "official_doc_section": null,
  "error_code": "CLOUD_SQL_CONNECTION_TIMEOUT",
  "verification_tier": "ai_generated",
  "confidence": 0.85,
  "fix_success_rate": 0.8,
  "resolvable": "true",
  "first_seen": "2023-08-15",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}