[
https://issues.apache.org/jira/browse/SOLR-16023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yordan Borisov updated SOLR-16023:
----------------------------------
Description:
Enabling ssl in Solr and Zookeeper which is listening only on secure port (e.g.
2283) cause
an empty response from Zookeeper because of the following error
{code:java}
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
72756f6b0a {code}
The current implementation in Solr is working with Socket where it should be
SslSocket in order to create ssl layer before sending the request.
I believe the problem comes from :
org.apache.solr.handler.admin.ZookeeperStatusHandler#getZkRawResponse where the
communication between Solr and ZooKeeper happens by using this code :
{code:java}
Socket socket = new Socket(host, port);
......
{code}
and it is a plain text, but the ZooKeeper listens only on *secureClientPort*
(e.g. 2281) where the *clientPort* is not defined.
What is the expected behaviour here? Can Solr and ZooKeeper communicate only
via SSL?
I validated that secureClientPort works with the following command:
{code:bash}
~$ echo srvr | ncat --ssl localhost 2281
Zookeeper version: 3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on
04/08/2021 16:35 GMT
Latency min/avg/max: 0/0.0/0
Received: 1
Sent: 0
Connections: 1
Outstanding: 0
Zxid: 0x2000001f3
Mode: follower
Node count: 87
{code}
Java version: OpenJDK Runtime Environment (build
1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
Solr version 8.11.1
Zookeeper version: 3.6.3
was:
Enabling ssl in Solr and Zookeeper which is listening only on secure port (e.g.
2283) cause
an empty response from Zookeeper because of the following error
{code:java}
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
72756f6b0a {code}
The current implementation in Solr is working with Socket where it should be
SslSocket in order to create ssl layer before sending the request.
Java version: OpenJDK Runtime Environment (build
1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
Solr version 8.11.1
Zookeeper version: 3.6.3
> Solr obtain zookeeper ruok via ssl cause error
> ----------------------------------------------
>
> Key: SOLR-16023
> URL: https://issues.apache.org/jira/browse/SOLR-16023
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 8.11.1
> Reporter: Yordan Borisov
> Priority: Major
>
> Enabling ssl in Solr and Zookeeper which is listening only on secure port
> (e.g. 2283) cause
> an empty response from Zookeeper because of the following error
> {code:java}
> Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
> 72756f6b0a {code}
> The current implementation in Solr is working with Socket where it should be
> SslSocket in order to create ssl layer before sending the request.
> I believe the problem comes from :
> org.apache.solr.handler.admin.ZookeeperStatusHandler#getZkRawResponse where
> the communication between Solr and ZooKeeper happens by using this code :
> {code:java}
> Socket socket = new Socket(host, port);
> ......
> {code}
> and it is a plain text, but the ZooKeeper listens only on *secureClientPort*
> (e.g. 2281) where the *clientPort* is not defined.
>
> What is the expected behaviour here? Can Solr and ZooKeeper communicate only
> via SSL?
> I validated that secureClientPort works with the following command:
> {code:bash}
> ~$ echo srvr | ncat --ssl localhost 2281
> Zookeeper version: 3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on
> 04/08/2021 16:35 GMT
> Latency min/avg/max: 0/0.0/0
> Received: 1
> Sent: 0
> Connections: 1
> Outstanding: 0
> Zxid: 0x2000001f3
> Mode: follower
> Node count: 87
> {code}
> Java version: OpenJDK Runtime Environment (build
> 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
> Solr version 8.11.1
> Zookeeper version: 3.6.3
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
