bigbang489 opened a new issue #14544: URL: https://github.com/apache/pulsar/issues/14544
I have a pulsar broker (standalone) with TLS encryption enabled behind an Apache TrafficServer proxy. I followed the [docs](https://pulsar.apache.org/docs/en/2.7.0/concepts-proxy-sni-routing/) to setup a java client to subscrible to a topic. However I'm not able to connect to the broker throught the proxy, the error was: `2022-03-03 11:17:25,832 [pulsar-client-io-1-1] WARN org.apache.pulsar.client.impl.ClientCnx - [hdfsslave1.sms.com/172.16.6.190:4443] Got exception io.netty.handler.codec.TooLongFrameException: Adjusted frame length exceeds 5253120: 1213486164 - discarded at io.netty.handler.codec.LengthFieldBasedFrameDecoder.fail(LengthFieldBasedFrameDecoder.java:503) at io.netty.handler.codec.LengthFieldBasedFrameDecoder.failIfNecessary(LengthFieldBasedFrameDecoder.java:489) at io.netty.handler.codec.LengthFieldBasedFrameDecoder.exceededFrameLength(LengthFieldBasedFrameDecoder.java:376) at io.netty.handler.codec.LengthFieldBasedFrameDecoder.decode(LengthFieldBasedFrameDecoder.java:419) ` This is my records.config: `CONFIG proxy.config.http.server_ports STRING 4443:ssl 4080 CONFIG proxy.config.ssl.server.cert.path STRING /opt/ts/etc/trafficserver/certs/ CONFIG proxy.config.ssl.server.private_key.path STRING /opt/ts/etc/trafficserver/certs/ CONFIG proxy.config.http.connect_ports STRING 4443 6651 ` ssl_server_name.config: `server_config = { { fqdn = 'pulsar-ssl', # Forward to Pulsar broker which is listening on 6651 tunnel_route = 'pulsar-ssl:6651' } } ` ssl_multicert.config: `dest_ip=* ssl_cert_name=pulsar.cert.pem ssl_key_name=pulsar.key-pk8.pem ` My client code: ` public static void main(String[] args) throws PulsarClientException { String brokerServiceUrl = "pulsar+ssl://pulsar-ssl:6651/"; String proxyUrl = "pulsar+ssl://hdfsslave1.sms.com:4443"; ClientBuilder clientBuilder = PulsarClient.builder() .serviceUrl(brokerServiceUrl) .tlsTrustCertsFilePath("D:\\bitbucket\\pulsar-project\\pulsarlib\\pulsar-core\\src\\test\\resources\\pulsar-CA\\certs\\ca.cert.pem") .enableTls(true) .allowTlsInsecureConnection(true) .proxyServiceUrl(proxyUrl, ProxyProtocol.SNI) .operationTimeout(1000, TimeUnit.MILLISECONDS); PulsarClient pulsarClient = clientBuilder.build(); Consumer consumer = pulsarClient.newConsumer().topic("non-persistent://public/default/test-proxy-topic").subscriptionType(SubscriptionType.Shared).subscriptionName("test1").subscribe(); consumer.close(); } ` I checked the TLS handshake package and see no SNI extension:  As far as I know, there should be a SNI extension with value 'pulsar-ssl' in TLS handshake packet Pulsar Broker version: 2.9.3 Pulsar Client version: 2.7.0 TrafficServer version: 10.0.0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
