[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17807342#comment-17807342 ] Caleb Rackliffe commented on CASSANDRA-18839: - +1 > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x > > Time Spent: 3h 50m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17803721#comment-17803721 ] Caleb Rackliffe commented on CASSANDRA-18839: - Dropped one [minor comment|https://github.com/apache/cassandra/pull/3018/files#r1443508639] in the trunk PR... > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x > > Time Spent: 3.5h > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17803515#comment-17803515 ] Stefan Miklosovic commented on CASSANDRA-18839: --- [~maedhroz] no stress with the review though ... as an improvement, this will practically go in after 5.0 GA. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x > > Time Spent: 3h 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17803448#comment-17803448 ] Stefan Miklosovic commented on CASSANDRA-18839: --- As I looked into trunk's PR again, I think that what was there is wrong, because we were not distinguishing between SSLHandshakeException and SSLException. The fact that an exception is an instance of SSLException does not necessarily mean that it is SSLHandshakeException. So we might increase handshake metrics when an exception was not a handshake one. If we indeed want to make a distinction between SSLHandshakeException and more general version of it, SSLException, I think this makes more sense: https://github.com/apache/cassandra/pull/3018/commits/96f0f64dc7c36de97c1c18321cea1542937c8c66 For older branches, just acting on SSLException is fine because we are not trying to update and "handshake exception metrics" when we detect it. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x > > Time Spent: 3h 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17801805#comment-17801805 ] Stefan Miklosovic commented on CASSANDRA-18839: --- [4.0 PR|https://github.com/apache/cassandra/pull/3015] [4.1 PR|https://github.com/apache/cassandra/pull/3016] [5.0 PR|https://github.com/apache/cassandra/pull/3017] [trunk PR|https://github.com/apache/cassandra/pull/3018] I created all branches. Patch from trunk applied quite cleanly to all older branches but 4.0. It is colliding with this (1). In 4.0, I just logged that and excluded call to ExceptionHandlers.logClientNetworkingExceptions because it does not exist there yet. As agreed, metrics are not anywhere but in trunk. [~brandon.williams] does this make sense to you before I start to build it all? (1) https://github.com/apache/cassandra/commit/d220d24994400d4342f5281f1a51514a6ae8c2fd > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798475#comment-17798475 ] Maxwell Guo commented on CASSANDRA-18839: - [~jameshu15869]any update on this ? I think we are almost reaching the finish line > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794754#comment-17794754 ] Stefan Miklosovic commented on CASSANDRA-18839: --- Right ... going without the new metric in all branches but trunk would work. [~jameshu15869] can you please prepare all other branches from 4.0 without metric and we add it just in trunk branch? > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe,
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794739#comment-17794739 ] Brandon Williams commented on CASSANDRA-18839: -- My only concern with doing this in stable branches in a point release is the metrics. I don't want to accidentally create alerts for SslHandshakeExceptions for people who aren't concerned about this issue at all. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794663#comment-17794663 ] Stefan Miklosovic commented on CASSANDRA-18839: --- [~brandon.williams] I am thinking about the versions we want to see this is. Is this really happening to 4.0+? > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794446#comment-17794446 ] Stefan Miklosovic commented on CASSANDRA-18839: --- Thank you for your contribution! I am running the builds for trunk. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793460#comment-17793460 ] James Hu commented on CASSANDRA-18839: -- The closest thing i found was org.apache.cassandra.net.HandshakeTest, though it does not seem to trigger this specific exception (I used -tls1_1 to trigger the exception). I'm not familiar with using SSL in Java, but can try look for some way to add a test if necessary. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 50m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793447#comment-17793447 ] Stefan Miklosovic commented on CASSANDRA-18839: --- Leave out the metric for now, we will get to it upon more formal review. Try to find some tests if they exist. If they do not I guess we will just go without ... I put some comment on the PR. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 50m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793130#comment-17793130 ] Maxwell Guo commented on CASSANDRA-18839: - I'm not particularly insistent on adding one more metric for this exception. I just saw [protocolException|https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/metrics/ClientMetrics.java#L51] and mentioned it by the way. we can also put it into unknownException, if my review was accepted. :D > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793126#comment-17793126 ] Brad Schoening commented on CASSANDRA-18839: [~maxwellguo] we see these exclusively from "white hat" cyber security probes ensuring disallowed ciphers and old SSL protocols are not functional. I'm not sure metrics here would be very useful. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793083#comment-17793083 ] Maxwell Guo commented on CASSANDRA-18839: - I have left some comments , I think we can also add a metric for this exception , not only left a warn log. Besides, should we also add some test for this patch? > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793076#comment-17793076 ] James Hu commented on CASSANDRA-18839: -- [~stefan.miklosovic] Bump > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790344#comment-17790344 ] James Hu commented on CASSANDRA-18839: -- CircleCI link: https://app.circleci.com/pipelines/github/jameshu15869/cassandra?branch=CASSANDRA-18839 > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789907#comment-17789907 ] Brad Schoening commented on CASSANDRA-18839: [~jameshu15869] that's great. Branch patches are fairly easy, but let's start with CI on trunk (5.x). [~stefan.miklosovic] may be able to kick that off. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789834#comment-17789834 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] Please disregard my last message, I realized I was trying to catch the exception in the totally incorrect place. Now I'm getting the desired output: {code:java} WARN [epollEventLoopGroup-5-3] 2023-11-26 14:16:12,279 PreV5Handlers.java:336 - SSLException in client networking with peer /127.0.0.1:51212 io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslHandshakeException: error:142e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION {code} I'm not familiar with how to do branch patches. Should I just open separate PRs into 5.0, 4.0, and 4.1? In addition, are CircleCI tests run automatically for each PR? The page on the Cassandra page is a little unclear > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294)
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789816#comment-17789816 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] Yes, I'm currently running with enabled = true and optional = true. I am using a sample keystore and truststore from the test directory since Cassandra would throw errors without passing a keystore. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789815#comment-17789815 ] Brad Schoening commented on CASSANDRA-18839: [~jameshu15869] did you configure your cassandra.yaml with SSL in [client_encryption_options title|https://cassandra.apache.org/doc/3.11/cassandra/operating/security.html#client-to-node-encryption]? > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789587#comment-17789587 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] How were you able to produce the error from the original post? I've tried changing config settings in cassandra.yaml to open SSL but hit the following exception instead of SSLException (Command: openssl s_client -connect localhost:9042 -tls1_1): {code:java} io.netty.handler.codec.DecoderException: io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslHandshakeException: error:142e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION{code} I've tried with "openssl s_client -connect localhost:9042 -cert invalid_cert.pem -key invalid_key.pem" but Cassandra keeps saying that TLS is disabled. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Fix For: 4.0.x, 4.1.x, 5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788200#comment-17788200 ] Brad Schoening commented on CASSANDRA-18839: [~jameshu15869] looks about right. Have you been able to test it? If you connect with an invalid certificate or obsolete SSL/Cypher it should log the error. openssl s_client maybe one way to test the handshake with maybe trying _-tls1_1._ > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788177#comment-17788177 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] I've opened a PR at [https://github.com/apache/cassandra/pull/2924.] Would you be able to review the patch and provide any feedback? This is my first PR in Cassandra so I am open to any revisions on the PR or logistics. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Assignee: James Hu >Priority: Low > Time Spent: 10m > Remaining Estimate: 0h > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail:
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788169#comment-17788169 ] Brad Schoening commented on CASSANDRA-18839: Yes, it would be best to implement it there in exceptionCaught(). > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788165#comment-17788165 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] Ah, I can see what you mean. With that said, does it make more sense to move this error check to ExceptionHandlers.exceptionCaught() in trunk since we still need the reference to ChannelHandlerContext ctx? {code:java} @Override public void exceptionCaught(final ChannelHandlerContext ctx, Throwable cause) { ... if (Throwables.anyCauseMatches(cause, t -> t instanceof SSLException)) { logger.warn("SSLException in client networking with peer {}", ctx.channel().remoteAddress(), cause); return; } ... logClientNetworkingExceptions(cause); } {code} > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788140#comment-17788140 ] Brad Schoening commented on CASSANDRA-18839: [~jameshu15869] This section of the code has changed somewhat from 4.0.x to trunk. The exception occurs on line 261 of PreV5Handlers.java in exceptionCaught() in the stack trace above, and has been moved to ExceptionHandlers.logClientNetworkingExceptions in trunk (5.x) which has added several new instanceof checks. These are done so as to 'not spam the logs once a bad client shows up' which is exactly the same issue I've seen with the SSL errors. So, using instanceof is correct here. Note that it might work best to handle the parent SSLException, as these SSL exceptions don't benefit from having a stack trace printed. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17787680#comment-17787680 ] James Hu commented on CASSANDRA-18839: -- IntelliJ says that SSLHandshakeException is never thrown in the corresponding try block. Is that intended behavior? If so, I put together the code below. Is ctx.channel().remoteAddress() what we were looking for in the log? I couldn't seem to find javadocs sites for Cassandra online - is there a way to generate the documentation to read/search through quickly? {code:java} try { ... } catch (Throwable ex) { source.release(); if (Throwables.anyCauseMatches(ex, t -> t instanceof SSLHandshakeException)) { logger.warn("SSLHandshakeException in client networking with peer {}", ctx.channel().remoteAddress(), ex); return; } // Remember the streamId throw ErrorMessage.wrap(ex, source.header.streamId); } {code} > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17787634#comment-17787634 ] Brad Schoening commented on CASSANDRA-18839: Catching SSLHandshakeException in decode() should be sufficient and moving source.release() to a new finally block. {code:java} try { ProtocolVersion version = getConnectionVersion(ctx); . } catch (SSLHandshakeException ex) { log a msg here and return } catch (Throwable ex) { source.release(); // Remember the streamId throw ErrorMessage.wrap(ex, source.header.streamId); } {code} > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17787626#comment-17787626 ] James Hu commented on CASSANDRA-18839: -- [~bschoeni] Do you mean that an SSLHandshakeException handler should already be in PreV5Handlers.java? I didn't seem to see anything explicitly in that file. I was thinking it might make sense to add a case to logClientNetworkingExceptions() at [https://github.com/apache/cassandra/blob/ed5a22428355765df5da94151413fc59538afef5/src/java/org/apache/cassandra/transport/ExceptionHandlers.java#L113-L141] to catch/log the SSLHandshakeException. I'm still new to Cassandra dev and open source in general, so please let me know if I'm way off the mark here. {code:java} {code} > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at >
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17787618#comment-17787618 ] Brad Schoening commented on CASSANDRA-18839: [~jameshu15869] Yes, this is still an open issue and that is the correct file. It should have a handler for SSLHandshakeException. > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions
[ https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17787604#comment-17787604 ] James Hu commented on CASSANDRA-18839: -- Hi, I'm new to the Cassandra dev community. Is this issue still open? If so, is the PreV5Handlers.decode() method referring to the one in PreV5Handlers.java[ (https://github.com/apache/cassandra/blob/ed5a22428355765df5da94151413fc59538afef5/src/java/org/apache/cassandra/transport/PreV5Handlers.java#L256-L277?|https://github.com/apache/cassandra/blob/ed5a22428355765df5da94151413fc59538afef5/src/java/org/apache/cassandra/transport/PreV5Handlers.java#L256-L277])? > Catch SSLHandshakeExceptions exceptions > --- > > Key: CASSANDRA-18839 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18839 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Client >Reporter: Brad Schoening >Priority: Low > > When SSL connection errors occur, they tend to flood the log with stack > traces and lack the identity of the remote client IP. Instead, > PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, > more informative WARN level message instead of the verbose and mostly > unhelpful stack trace. > I.e., > {code:java} > [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1 > PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer > 10.0.0.10:9042 error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code} > instead of the current ones which flood the logs: > {code:java} > 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 > ip_address=10.0.0.1 PreV5Handlers.java:261 - Unknown exception in client > networking > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > error:10d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) > at > io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) > at > io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) > at > io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: javax.net.ssl.SSLHandshakeException: error:10d7:SSL > routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346) > at > io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389) > at > io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) > at > io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) > ... 15 common frames omitted {code} -- This message was sent by