7hong opened a new issue, #20565: URL: https://github.com/apache/pulsar/issues/20565
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Version pulsar: 2.11.1 jdk: 1.8.0_202�� ### Minimal reproduce step pulsar-proxy Enables tls authentication,Write a simple producer program in Java and turn on tls. When I run with jdk8 I get an error, then I change the jdk version to jdk17 and it works fine. I ran multiple tests: jdk8 + pulsar-client-2.11.0(with tls) -> ok jdk8 + pulsar-client-2.11.1(with tls) -> not ok jdk17 + pulsar-client-2.11.0(with tls) -> ok jdk17 + pulsar-client-2.11.1(with tls) -> ok ### What did you expect to see? I expect pulsar-client-2.11.1 to work properly in jdk8 environment and enable tls ### What did you see instead? I get an error when using pulsar-client-2.11.1 (tls enabled) in the jdk8 environment: `2023-06-12 23:26:05,568 (pulsar-client-io-1-1) [DEBUG - org.apache.pulsar.client.impl.ConnectionPool.lambda$createConnection$10(ConnectionPool.java:253)] Removing closed connection from pool: AbstractChannel$CloseFuture@31990d72(success) 2023-06-12 23:26:05,569 (pulsar-client-io-1-1) [WARN - org.apache.pulsar.client.impl.ClientCnx.exceptionCaught(ClientCnx.java:328)] [pulsar-xxx.com/10.146.80.10:6651] Got exception org.apache.pulsar.shade.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) at org.apache.pulsar.shade.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at org.apache.pulsar.shade.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at org.apache.pulsar.shade.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800) at org.apache.pulsar.shade.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499) at org.apache.pulsar.shade.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397) at org.apache.pulsar.shade.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) at org.apache.pulsar.shade.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at org.apache.pulsar.shade.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1907) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:834) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1041) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:927) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1409) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1287) at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ... 15 more Caused by: java.lang.IllegalArgumentException: TLSv1.3 at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:258) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:773) at org.apache.pulsar.shade.io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36) at org.apache.pulsar.shade.io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48) at org.apache.pulsar.shade.io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.runAndResetNeedTask(ReferenceCountedOpenSslEngine.java:1496) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.access$700(ReferenceCountedOpenSslEngine.java:94) at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1471) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549) at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395) ... 19 more` ### Anything else? _No response_ ### Are you willing to submit a PR? - [ ] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
