[ https://issues.apache.org/jira/browse/ZOOKEEPER-3674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pradeep updated ZOOKEEPER-3674:
-------------------------------
    Comment: was deleted

(was: 1 way authentication is failing in 3.6 .. 

*Client config*
{code:java}
CLIENT_JVMFLAGS="
-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.ssl.trustStore.location=/client.truststore.jks
-Dzookeeper.client.secure=true 
-Dzookeeper.ssl.trustStore.password=****** 
-Dzookeeper.ssl.hostnameVerification=false" 
/apache-zookeeper-3.6.0-bin/bin/zkCli.sh -server 192.168.235.165:2281

{code}
*Server config*
{code:java}
 root@zoo1:/# cat /apache-zookeeper-3.6.0-bin/conf/zoo.cfg
standaloneEnabled=false
tickTime=2000
dataDir=/var/lib/zookeeper
secureClientPort=2281
initLimit=5
syncLimit=2
server.1=192.168.235.165:2888:3888
server.2=192.168.208.221:2888:3888
server.3=192.168.23.240:2888:3888
ssl.clientAuth=none 
sslQuorum=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/server.pem
ssl.quorum.trustStore.location=/path/to/serverca/cacertbundle.pem
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
root@zoo1:/# 
{code}
*Error* 
{code:java}
2020-04-17 12:31:34,374 [myid:1] - TRACE [nioEventLoopGroup-4-1:NettyServerCnxnFactory$CnxnChannelHandler@207] - Channel active [id: 0x58fda1a0, L:/192.168.235.165:2281 - R:/192.168.174.137:36062]
2020-04-17 12:31:34,374 [myid:1] - TRACE [nioEventLoopGroup-4-1:NettyServerCnxnFactory$CnxnChannelHandler@207] - Channel active [id: 0x58fda1a0, L:/192.168.235.165:2281 - R:/192.168.174.137:36062]
2020-04-17 12:31:34,377 [myid:1] - ERROR [nioEventLoopGroup-4-1:NettyServerCnxnFactory$CertificateVerifier@434] - Unsuccessful handshake with session 0x0
2020-04-17 12:31:34,377 [myid:1] - DEBUG [nioEventLoopGroup-4-1:NettyServerCnxn@106] - close called for session id: 0x0
2020-04-17 12:31:34,377 [myid:1] - DEBUG [nioEventLoopGroup-4-1:NettyServerCnxn@117] - cnxns size:0
2020-04-17 12:31:34,377 [myid:1] - WARN  [nioEventLoopGroup-4-1:NettyServerCnxnFactory$CnxnChannelHandler@273] - Exception caught
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
 at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
 at javax.net.ssl.SSLHandshakeException: no cipher suites in common
 at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
 at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
 at java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
 at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
 at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
 ... 17 more
2020-04-17 12:31:34,378 [myid:1] - DEBUG [nioEventLoopGroup-4-1:NettyServerCnxnFactory$CnxnChannelHandler@276] - Closing /192.168.174.137:36062[0](queued=0,recved=0,sent=0)
{code}
 

 )

> zookeeper.ssl.clientAuth ignored
> --------------------------------
>
>                 Key: ZOOKEEPER-3674
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3674
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>    Affects Versions: 3.5.5, 3.5.6
>            Reporter: Ron Dagostino
>            Priority: Major
>             Fix For: 3.5.7
>
>
> Setting zookeeper.ssl.clientAuth currently has no impact; a client 
> certificate is currently always required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
