[
https://issues.apache.org/jira/browse/HADOOP-19260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17878574#comment-17878574
]
Steve Loughran commented on HADOOP-19260:
-----------------------------------------
Stack. Note I suspect there's a proxy in the way causing the mismatch
{code}
24/08/23 15:35:41 DEBUG services.AbfsIoUtils: Content-Type=
24/08/23 15:35:42 DEBUG services.AbfsClient: HttpRequestFailure:
0,,,cid=:CID::PC:6,rid=,sent=0,recv=0,HEAD,https://container.dfs.core.windows.net/data/?upn=false&action=getAccessControl&timeout=90,
{}
javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
at
sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:538)
at sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:510)
at
sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:112)
at
sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1572)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500)
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
at
org.apache.hadoop.fs.azurebfs.services.AbfsHttpOperation.processResponse(AbfsHttpOperation.java:357)
at
org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.executeHttpOperation(AbfsRestOperation.java:287)
at
org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.completeExecute(AbfsRestOperation.java:214)
at
org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.lambda$execute$0(AbfsRestOperation.java:188)
at
org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.trackDurationOfInvocation(IOStatisticsBinding.java
{code}
> removal of gcm TLS cyphers blocking abfs access "No negotiable cipher suite"
> ----------------------------------------------------------------------------
>
> Key: HADOOP-19260
> URL: https://issues.apache.org/jira/browse/HADOOP-19260
> Project: Hadoop Common
> Issue Type: Bug
> Components: common, fs/azure
> Affects Versions: 3.4.0
> Reporter: Steve Loughran
> Priority: Major
>
> we've seen instances of client-abfs TLS negotiation failing "No negotiable
> cipher suite". this can be fixed by switching to using
> "Default_JSSE_with_GCM" as the SSL options.
> However, DelegatingSSLSocketFactory "Default" attempts OpenSSL, falling back
> to
> {code}
> Default indicates Ordered, preferred OpenSSL, if failed to load then fall
> back to Default_JSSE
> {code}
> And " Default_JSSE is not truly the the default JSSE implementation because
> the GCM cipher is disabled when running on Java "
> What does that mean? it means that if you use the "Default" TLS option of
> "try openssl and fall back to java" doesn't ever turn on gcm encryption.
> Proposed:
> * "Default" falls back to GCM
> * add an option {{Default_JSSE_No_GCM}}
> Once we move off java8 turning off GCM is no longer needed for performance,
> hopefully (benchmarks would be good here)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
