Re: Random SSL unsupported record version
Hello late last week we went to git and built the 1.8 snapshot versions. We are still seeing the same random exception. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8674.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, I think I found the reason for this error. Here is the ticket that you can watch: https://issues.apache.org/jira/browse/IGNITE-4110 -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8487.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
I apologize yes it is. It does have more information than the previous post. The last suggestion from the group was to change the key size. I created certificates at 1024 and still have the same issue. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406p8445.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, Isn't this thread a duplicate of this one? http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-td8236.html -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406p8422.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Random SSL unsupported record version
org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2578) ... 64 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /0:0:0:0:0:0:0:1%lo:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 63 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=e0cd4a40-6cc2-49f2-9536-b3453713f649, rcvd=e55562b0-c39f-4550-9d94-255fde805e52] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 63 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 63 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=e0cd4a40-6cc2-49f2-9536-b3453713f649, rcvd=e55562b0-c39f-4550-9d94-255fde805e52] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 63 more -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2578) ... 34 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /0:0:0:0:0:0:0:1%lo:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 33 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=5b963622-e822-4f96-a584-497852c9ef98, rcvd=02ba0cfc-b7d6-4c74-9a92-45bcb45c7ec9] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 33 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 33 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=5b963622-e822-4f96-a584-497852c9ef98, rcvd=02ba0cfc-b7d6-4c74-9a92-45bcb45c7ec9] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 33 more -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8349.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Well like I said the certificates I am using were from the ignite distribution. So if you used keytool to generate then I am assuming it is 1024. Are you saying I should try to create certificates that are less than 1024? Is this a bug in Ignite or java itself? -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8305.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, I meant RSA (or other algorithm you use) key length in bytes. By default keytool uses 1024, but in case of longer keys you can get such an exception. -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8300.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
If you are referring the actual values being serialized they look like this.
The key for image page is the UUID
public abstract class ImagePage implements Serializable
{
private static final long serialVersionUID = 1L;
private UUID id;
/** Will be indexed on it's own and also participate in the group index
for page access. */
@QuerySqlField(index = true, orderedGroups = {@QuerySqlField.Group(name =
"doc_page_idx", order = 0, descending = true)})
private String documentId;
/** Will participate in the group index sorted in ascending order. */
@QuerySqlField(orderedGroups = {@QuerySqlField.Group(name =
"doc_page_idx", order = 1)})
private Integer pageNumber;
private String pageFormat;
private byte[] image;
public ImagePage (String documentId, byte[] image, String pageFormat,
Integer pageNumber)
{
this.id = UUID.randomUUID();
this.documentId = documentId;
this.image = image;
this.pageFormat = pageFormat;
this.pageNumber = pageNumber;
}
--
I do see this message when attempting to serialize the DateTime object
WARNING: Class "org.joda.time.chrono.ISOChronology$Stub" cannot be
serialized using BinaryMarshaller because it either implements
Externalizable interface or have writeObject/readObject methods.
OptimizedMarshaller will be used instead and class instances will be
deserialized on the server. Please ensure that all nodes have this class in
classpath. To enable binary serialization either implement Binarylizable
interface or set explicit serializer using
BinaryTypeConfiguration.setSerializer() method.
public class ConversionStatus implements Serializable
{
private static final long serialVersionUID = 2793398355157434057L;
private static final int TIMEOUT_MINUTES = 3;
private Integer pageCount = null;
private ConversionStatusEnum conversionStatusEnum =
ConversionStatusEnum.NOT_REQUESTED;
private DateTime timeoutTime = null;
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8289.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
The certificates I am using are the ones that shipped with the distribution. I changed the keystore password for client.jks server.jks and trust.jks. I also changed the keypass as well. I am using a 12 character key. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8288.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, Looks like there is an issue with SSL support when long keys are used. I'm investigating it right now. How long are the keys you're using? -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8278.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Random SSL unsupported record version
This is happening randomly but seeing this exception during cache updates
Caused by: javax.net.ssl.SSLException: Unsupported record version
Unknown-10.6
This is what the configuration looks like. Using default values for Key
algorithm and protocols. All apps running under Java 1.8. Verbose output
from keytool shows certificate fingerprints:
MD5
SHA1
SHA256
Signature Algorithm: SHA1withRSA
private SslContextFactory initializeSecurity ()
{
SslContextFactory sslFactory = new SslContextFactory();
EncryptionHelper helper = new EncryptionHelper(seed);
char[] decrypted = helper.decrypt(keystoreValue).toCharArray();
if (isClientMode()) {
sslFactory.setKeyStoreFilePath(getKeystorePath() + "/" +
"ignite-client.jks");
sslFactory.setKeyStorePassword(decrypted);
sslFactory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
} else {
sslFactory.setKeyStoreFilePath(getKeystorePath() + "/" +
"ignite-server.jks");
sslFactory.setKeyStorePassword(decrypted);
sslFactory.setTrustStoreFilePath(getKeystorePath() + "/" +
"ignite-trust.jks");
sslFactory.setTrustStorePassword(decrypted);
}
return sslFactory;
}
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
