kaosmonk commented on issue #1107: ZOOKEEPER-2122: add SSL support for C-client URL: https://github.com/apache/zookeeper/pull/1107#issuecomment-606924901 > @symat Found 3 issues: > > * `gencerts.sh` should use FQDN instead of `zookeeper.apache.org` as CN in order to make local testing easier (not really an issue), > * the CLI command line doesn't need `--host` as a parameter, only the list of hosts, > * patch doesn't work for me: > > I specified the stores for both client and quorum communication: quorum was successfully brought up with TLS enabled, but client is unable to connect. Error message in server log: > > ``` > 2019-11-18 15:52:43,738 [myid:1] - ERROR [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CertificateVerifier@386] - Unsuccessful handshake with session 0x0 > 2019-11-18 15:52:43,738 [myid:1] - WARN [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CnxnChannelHandler@228] - Exception caught > io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000 > ``` > > We can take a look tomorrow in person. Apologies for using this thread, but I am experiencing this very same error as above in my 3 node cluster (3.5.5). What was the solution here?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
