On Mon, Apr 23, 2018 at 4:38 PM, kaustubh via grpc.io < [email protected]> wrote:
> val jdkSslClientContext = new JdkSslContext(sslContext, true, > ClientAuth.REQUIRE) > > > val sslChannel = NettyChannelBuilder > .forAddress(host, sslPort) > .negotiationType(NegotiationType.TLS) > .sslContext(jdkSslClientContext) > .build() > > > However, when running this code (on a mac), I get the following exception: > java.lang.IllegalArgumentException: ALPN must be enabled and list HTTP/2 > as a supported protocol. > at com.google.common.base.Preconditions.checkArgument( > Preconditions.java:122) > at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts. > ensureAlpnAndH2Enabled(GrpcSslContexts.java:184) > at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder.sslContext( > NettyChannelBuilder.java:187) > If you look at the documentation for sslContext, it mentions the value "must have been configured with GrpcSslContexts". GrpcSslContexts requires using SslContextBuilder, and it seems it doesn't support the SSLContext being provided. What is configured in the SSLContext already? gRPC needs to configure the ciphers, cipherFilter, and apn (the apn not being configured is what that error is complaining about). I've done some digging online and come across this page: > https://github.com/grpc/grpc-java/blob/master/SECURITY.md. I've done the > recommended approach of using netty-tcnative-boringssl by adding it into my > build.sbt as follows (for multiple versions as well): > "io.netty" % "netty-tcnative-boringssl-static" % "2.0.8.Final" > Since you're using grpc-netty-shaded, that isn't necessary and doesn't really do anything. netty-tcnative has to be shaded along with the rest of Netty. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oMpyFA4MZ1W5VuRYaNb5FRnMxDndPypGpzEU8f2SfsMEQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
