[
https://issues.apache.org/jira/browse/NIFI-13369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916104#comment-17916104
]
Fabian Reiber commented on NIFI-13369:
--------------------------------------
Any update on this? How can I modify the JVM to use TLSv1.2 as a client? I
already added "jdk.tls.client.protocols=TLSv1.2" to the bootstrap file, which
does not work. And changing the SSL ciphers in ZooKeeper, as in the bug
report mentioned above, doesn't work either.
> 2.0.0-M3 Zookeeper TLS connection issue
> ---------------------------------------
>
> Key: NIFI-13369
> URL: https://issues.apache.org/jira/browse/NIFI-13369
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 2.0.0-M3
> Environment: Ubuntu 22.04.
> NiFi 2.0.0-M3 / OpenJDK-21
> Zookeeper 3.8.4 / OpenJDK-11
> Reporter: Night Gryphon
> Priority: Major
>
> After upgrading from 2.0.0-M2 to M3, NiFi can't connect to the existing ZooKeeper
> cluster using SSL/TLS. That blocks the upgrade to M3.
> It looks like a TLS version mismatch, but NiFi doesn't have a corresponding setting for
> the ZooKeeper client TLS version.
> Below is the error log:
> {code:java}
> 2024-06-05 20:21:14,543 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty SSL handler added for channel: [id: 0x5e8f288a]
> 2024-06-05 20:21:14,544 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is connected: [id: 0x5e8f288a, L:/10.10.0.145:14916 - R:zk3.nifi-test/10.10.0.143:2182]
> 2024-06-05 20:21:14,549 ERROR [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty Unexpected throwable
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
>     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
>     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
>     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
>     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
>     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
>     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
>     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
>     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
>     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
>     at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:801)
>     at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:501)
>     at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:399)
>     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
>     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
>     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
>     at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
>     at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287)
>     at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
>     at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
>     at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
>     at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
>     at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
>     at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
>     at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
>     at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:310)
>     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1445)
>     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338)
>     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387)
>     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
>     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
>     ... 15 common frames omitted
> 2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is told closing
> 2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is disconnected: [id: 0x5e8f288a, L:/10.10.0.145:14916 ! R:zk3.nifi-test/10.10.0.143:2182]
> {code}
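A diagnostic for the `protocol_version` alert in the log above, as an added example that is not part of the thread and not NiFi or ZooKeeper code: it prints which TLS versions the running JVM enables for clients and attempts one handshake per version against an endpoint. The class name `TlsVersionProbe` is hypothetical, and host and port are supplied on the command line.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import java.net.InetSocketAddress;
import java.util.Arrays;

// Added example (hypothetical class name): probes TLS version negotiation only.
public class TlsVersionProbe {

    // Attempt one handshake with exactly one protocol version enabled.
    static String probe(SSLContext ctx, String host, int port, String protocol) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            s.setEnabledProtocols(new String[] {protocol});
            s.connect(new InetSocketAddress(host, port), 5000);
            s.setSoTimeout(5000);
            s.startHandshake();
            return "accepted, cipher " + s.getSession().getCipherSuite();
        } catch (SSLException e) {
            String msg = String.valueOf(e.getMessage());
            if (msg.contains("protocol_version")) {
                return "rejected by server (protocol_version alert)";
            }
            if (msg.contains("No appropriate protocol")) {
                // Version is switched off locally, e.g. by jdk.tls.disabledAlgorithms.
                return "disabled in this JVM";
            }
            // Certificate or client-auth errors land here: the version itself
            // was not what the peer objected to.
            return "handshake failed for another reason: " + msg;
        } catch (Exception e) {
            return "not tested: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLContext ctx = SSLContext.getDefault();
        // Shows whether the system property actually reached this JVM.
        System.out.println("jdk.tls.client.protocols = "
                + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("supported:          "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        for (String p : new String[] {"TLSv1.3", "TLSv1.2"}) {
            System.out.println(p + " -> " + probe(ctx, host, port, p));
        }
    }
}
```

Run it with `java TlsVersionProbe.java <host> <port>` on the same JDK and with the same JVM options as the client being debugged. It exercises the JVM's default JSSE context, so a client library that builds its own SSL context (the stack trace above goes through Netty's `SslHandler`) may offer a different set of versions.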