Uploaded image for project: 'Red Hat Data Grid'
  1. Red Hat Data Grid
  2. JDG-4763

No SSL client connection established after update to 8.2.1, rejected with 'ssl is null'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • RHDG 8.3 GA
    • RHDG 8.1 CR1, RHDG 8.2.1 GA
    • Server
    • False
    • False
    • Hide
      See https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index#rhdg-platform-dependency-issues_issues for a description of the issue and configuration workaround
      Show
      See https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index#rhdg-platform-dependency-issues_issues for a description of the issue and configuration workaround
    • Hide

      Use `-Dorg.infinispan.openssl=false`,

      this forces use of JDK SSL instead of the native OpenSSL
       
       
       
       

      Show
      Use `-Dorg.infinispan.openssl=false`, this forces use of JDK SSL instead of the native OpenSSL        
    • Hide

      Configuration

       

      <security>
        <security-realms>
          <security-realm name="default">
            <server-identities>
              <ssl>
                 <keystore path="keystore.jks" keystore-password="XX" .../>
              </ssl>
            </server-identities>

      ...

      <endpoints socket-binding="default" security-realm="default">
        <hotrod-connector name="hotrod">
          <authentication>
            <sasl mechanisms="PLAIN" server-name="infinispan" .../>
          </authentication>
        </hotrod-connector>

      Show
      Configuration   <security>   <security-realms>     <security-realm name="default">       <server-identities>         <ssl>            <keystore path="keystore.jks" keystore-password="XX" .../>         </ssl>       </server-identities> ... <endpoints socket-binding="default" security-realm="default">   <hotrod-connector name="hotrod">     <authentication>       <sasl mechanisms="PLAIN" server-name="infinispan" .../>     </authentication>   </hotrod-connector>

      With 8.2 Update #1 the wildfly openssl library is upgraded from 1.0.12 to 2.1.3 to support TLSv1.3.

      After this the clients are not longer able to connect if the endpoint is configured with SSL encryption.

       

      WARN [io.netty.channel.Defa ultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
      io.netty.handler.codec.DecoderException: java.lang.Illegal StateException: ssl is null

      As a result the user log shows the following:

      Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
      at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
      at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransport.flush(TcpTransport.java:203)
      ... 72 more
      Caused by: java.io.EOFException: SSL peer shut down incorrectly
      at sun.security.ssl.InputRecord.read(InputRecord.java:505)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
      ... 78 more

       
       
       
       
       
       
       

              pminz@redhat.com Priyanka Minz
              rhn-support-wfink Wolf Fink
              Diego Lovison Diego Lovison
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: