[ https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253347#comment-17253347 ]
Alexander Dejanovski commented on CASSANDRA-16362: -------------------------------------------------- Hi [~jmeredithco], thanks for issuing a patch. I tested it with Medusa's integration tests and now get the following error: {noformat} WARN 09:57:44,993 Failed to initialize a channel. Closing: [id: 0x61e6eef5] java.lang.IllegalArgumentException: TLSv1.3 at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52) at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081) at org.apache.cassandra.tools.BulkLoader$1.newSSLEngine(BulkLoader.java:276) at com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions.newSSLHandler(RemoteEndpointAwareJdkSSLOptions.java:62) at com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1700) at com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1644) at com.datastax.shaded.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113) at com.datastax.shaded.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105) at com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:593) at com.datastax.shaded.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44) at com.datastax.shaded.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1357) at com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1092) at com.datastax.shaded.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:642) at com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:456) at com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:378) at com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:428) at com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:399) at com.datastax.shaded.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:464) at com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131) at com.datastax.shaded.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) All host(s) tried for query failed (tried: localhost/127.0.0.1:9042 (com.datastax.driver.core.exceptions.TransportException: [localhost/127.0.0.1:9042] Cannot connect)) com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: localhost/127.0.0.1:9042 (com.datastax.driver.core.exceptions.TransportException: [localhost/127.0.0.1:9042] Cannot connect)) at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:268) at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:107) at com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.java:1813) at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1726) at com.datastax.driver.core.Cluster.init(Cluster.java:214) at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:387) at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:366) at com.datastax.driver.core.Cluster.connect(Cluster.java:311) at org.apache.cassandra.utils.NativeSSTableLoaderClient.init(NativeSSTableLoaderClient.java:75) at org.apache.cassandra.io.sstable.SSTableLoader.stream(SSTableLoader.java:183) at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:79) at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:51) {noformat} Here's the sstableloader command that is being issued: {noformat} subprocess.CalledProcessError: Command '['/Users/adejanovski/.ccm/repository/githubCOLONjonmeredithSLASHC16362/bin/sstableloader', '-d', '127.0.0.1', '--conf-path', '/Users/adejanovski/.ccm/scenario11/node1/conf/cassandra.yaml', '--username', 'cassandra', '--password', 'cassandra', '--no-progress', '/tmp/medusa-restore-97ec3e11-426a-4924-8bc0-379e99ff2205/system_distributed/repair_history-759fffad624b318180eefa9a52d1f627', '-ts', '/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/generic-server-truststore.jks', '-tspw', 'truststorePass1', '-ks', '/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/127.0.0.1.jks', '-kspw', 'testdata1']' {noformat} Is there a problem with the default SSL protocol version? Should we enforce it when invoking sstableloader? > SSLFactory should initialize SSLContext before setting protocols > ---------------------------------------------------------------- > > Key: CASSANDRA-16362 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16362 > Project: Cassandra > Issue Type: Bug > Components: Tool/bulk load > Reporter: Erik Merkle > Assignee: Jon Meredith > Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Trying to use sstableloader from the latest trunk produced the following > Exception: > {quote} > Exception in thread "main" java.lang.RuntimeException: Could not create SSL > Context. > at > org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261) > at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64) > at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49) > Caused by: java.io.IOException: Error creating/initializing the SSL Context > at > org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184) > at > org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257) > ... 2 more > Caused by: java.lang.IllegalStateException: SSLContext is not initialized > at > sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208) > at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158) > at > javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184) > at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435) > at > org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178) > ... 3 more > {quote} > I believe this is because of a change to SSLFactory for CASSANDRA-13325 here: > [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178] > > I think the solution is to call {{ctx.init()}} before trying to call > {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the > link above. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org