[ https://issues.apache.org/jira/browse/IGNITE-16496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Kukushkin updated IGNITE-16496: -------------------------------------- Summary: SSLException: closing inbound before receiving peer's close_notify (TLS 1.2) (was: SSLException: closing inbound before receiving peer's close_notify (TLS 1.3)) > SSLException: closing inbound before receiving peer's close_notify (TLS 1.2) > ---------------------------------------------------------------------------- > > Key: IGNITE-16496 > URL: https://issues.apache.org/jira/browse/IGNITE-16496 > Project: Ignite > Issue Type: Bug > Affects Versions: 2.12 > Reporter: Alexey Kukushkin > Priority: Major > Labels: cggg > > Ignite nodes output the warning below on startup when TLS protocol v1.3 is > used: > {noformat} > 2022-02-08 11:53:05.705 WARN 19384 --- [1:62095]-#4-#51] > o.a.i.spi.discovery.tcp.TcpDiscoverySpi : Failed to shutdown socket: closing > inbound before receiving peer's close_notify > javax.net.ssl.SSLException: closing inbound before receiving peer's > close_notify > at > java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:745) > ~[na:na] > at > java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:724) > ~[na:na] > at > org.apache.ignite.internal.util.IgniteUtils.close(IgniteUtils.java:4249) > ~[ignite-core-2.12.0.jar!/:2.12.0] > at > org.apache.ignite.spi.discovery.tcp.ServerImpl$SocketReader.body(ServerImpl.java:7370) > ~[ignite-core-2.12.0.jar!/:2.12.0] > at org.apache.ignite.spi.IgniteSpiThread.run(IgniteSpiThread.java:58) > ~[ignite-core-2.12.0.jar!/:2.12.0] {noformat} > To reproduce the problem just start two server nodes with TLS v1.3 enabled > and the warnings will be printed in the log before the cluster is formed. > h3. h3. Analysis > The problem _probably_ happens due to [this > code|https://github.com/apache/ignite/blob/2.12.0/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java#L4426] > calling {{Socket#shutdownInput()}} before receiving SSL {{close_notify}} > alert, which TLS 1.3 is expecting. I guess the right approach to close an SSL > socket is just calling {{Socke#close}}, which should properly wait/send a > {{close_notify}} -- This message was sent by Atlassian Jira (v8.20.1#820001)