Uploaded image for project: 'Red Hat Data Grid'
  1. Red Hat Data Grid
  2. JDG-4763

No SSL client connection established after update to 8.2.1, rejected with 'ssl is null'

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified (View Workflow)
    • Priority: Major
    • Resolution: Explained
    • Affects Version/s: RHDG 8.1 CR1, RHDG 8.2.1 GA
    • Fix Version/s: RHDG 8.3 GA
    • Component/s: None
    • Labels:
    • Target Release:
    • Steps to Reproduce:
      Hide

      Configuration

       

      <security>
        <security-realms>
          <security-realm name="default">
            <server-identities>
              <ssl>
                 <keystore path="keystore.jks" keystore-password="XX" .../>
              </ssl>
            </server-identities>

      ...

      <endpoints socket-binding="default" security-realm="default">
        <hotrod-connector name="hotrod">
          <authentication>
            <sasl mechanisms="PLAIN" server-name="infinispan" .../>
          </authentication>
        </hotrod-connector>

      Show
      Configuration   <security>   <security-realms>     <security-realm name="default">       <server-identities>         <ssl>            <keystore path="keystore.jks" keystore-password="XX" .../>         </ssl>       </server-identities> ... <endpoints socket-binding="default" security-realm="default">   <hotrod-connector name="hotrod">     <authentication>       <sasl mechanisms="PLAIN" server-name="infinispan" .../>     </authentication>   </hotrod-connector>
    • Workaround Description:
      Hide

      Use `-Dorg.infinispan.opessl=false`,

      this forces use of JDK SSL instead of the native OpenSSL
       
       
       
       

      Show
      Use `-Dorg.infinispan.opessl=false`, this forces use of JDK SSL instead of the native OpenSSL        
    • Release Notes Text:
      Show
      See https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index#rhdg-platform-dependency-issues_issues for a description of the issue and configuration workaround

      Description

      With 8.2 Update #1 the wildfly openssl library is upgraded from 1.0.12 to 2.1.3 to support TLSv1.3.

      After this the clients are not longer able to connect if the endpoint is configured with SSL encryption.

       

      WARN [io.netty.channel.Defa ultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
      io.netty.handler.codec.DecoderException: java.lang.Illegal StateException: ssl is null

      As a result the user log shows the following:

      Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
      at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
      at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransport.flush(TcpTransport.java:203)
      ... 72 more
      Caused by: java.io.EOFException: SSL peer shut down incorrectly
      at sun.security.ssl.InputRecord.read(InputRecord.java:505)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
      ... 78 more

       
       
       
       
       
       
       

        Attachments

          Activity

            People

            Assignee:
            pminz Priyanka Minz
            Reporter:
            wdfink Wolf-Dieter Fink
            Tester:
            Diego Lovison Diego Lovison
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: