Re: Random SSL unsupported record version
Hello late last week we went to git and built the 1.8 snapshot versions. We are still seeing the same random exception. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8674.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, I think I found the reason for this error. Here is the ticket that you can watch: https://issues.apache.org/jira/browse/IGNITE-4110 -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8487.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
I apologize yes it is. It does have more information than the previous post. The last suggestion from the group was to change the key size. I created certificates at 1024 and still have the same issue. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406p8445.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, Isn't this thread a duplicate of this one? http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-td8236.html -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406p8422.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Random SSL unsupported record version
org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2578) ... 64 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /0:0:0:0:0:0:0:1%lo:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 63 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=e0cd4a40-6cc2-49f2-9536-b3453713f649, rcvd=e55562b0-c39f-4550-9d94-255fde805e52] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 63 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 63 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=e0cd4a40-6cc2-49f2-9536-b3453713f649, rcvd=e55562b0-c39f-4550-9d94-255fde805e52] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 63 more -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8406.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363) at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2578) ... 34 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /0:0:0:0:0:0:0:1%lo:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 33 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=5b963622-e822-4f96-a584-497852c9ef98, rcvd=02ba0cfc-b7d6-4c74-9a92-45bcb45c7ec9] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 33 more Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2504) ... 33 more Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=5b963622-e822-4f96-a584-497852c9ef98, rcvd=02ba0cfc-b7d6-4c74-9a92-45bcb45c7ec9] at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2614) at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2371) ... 33 more -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8349.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Well like I said the certificates I am using were from the ignite distribution. So if you used keytool to generate then I am assuming it is 1024. Are you saying I should try to create certificates that are less than 1024? Is this a bug in Ignite or java itself? -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8305.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, I meant RSA (or other algorithm you use) key length in bytes. By default keytool uses 1024, but in case of longer keys you can get such an exception. -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8300.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
If you are referring the actual values being serialized they look like this. The key for image page is the UUID public abstract class ImagePage implements Serializable { private static final long serialVersionUID = 1L; private UUID id; /** Will be indexed on it's own and also participate in the group index for page access. */ @QuerySqlField(index = true, orderedGroups = {@QuerySqlField.Group(name = "doc_page_idx", order = 0, descending = true)}) private String documentId; /** Will participate in the group index sorted in ascending order. */ @QuerySqlField(orderedGroups = {@QuerySqlField.Group(name = "doc_page_idx", order = 1)}) private Integer pageNumber; private String pageFormat; private byte[] image; public ImagePage (String documentId, byte[] image, String pageFormat, Integer pageNumber) { this.id = UUID.randomUUID(); this.documentId = documentId; this.image = image; this.pageFormat = pageFormat; this.pageNumber = pageNumber; } -- I do see this message when attempting to serialize the DateTime object WARNING: Class "org.joda.time.chrono.ISOChronology$Stub" cannot be serialized using BinaryMarshaller because it either implements Externalizable interface or have writeObject/readObject methods. OptimizedMarshaller will be used instead and class instances will be deserialized on the server. Please ensure that all nodes have this class in classpath. To enable binary serialization either implement Binarylizable interface or set explicit serializer using BinaryTypeConfiguration.setSerializer() method. public class ConversionStatus implements Serializable { private static final long serialVersionUID = 2793398355157434057L; private static final int TIMEOUT_MINUTES = 3; private Integer pageCount = null; private ConversionStatusEnum conversionStatusEnum = ConversionStatusEnum.NOT_REQUESTED; private DateTime timeoutTime = null; -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8289.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
The certificates I am using are the ones that shipped with the distribution. I changed the keystore password for client.jks server.jks and trust.jks. I also changed the keypass as well. I am using a 12 character key. -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8288.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Random SSL unsupported record version
Hi, Looks like there is an issue with SSL support when long keys are used. I'm investigating it right now. How long are the keys you're using? -Val -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236p8278.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Random SSL unsupported record version
This is happening randomly but seeing this exception during cache updates Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-10.6 This is what the configuration looks like. Using default values for Key algorithm and protocols. All apps running under Java 1.8. Verbose output from keytool shows certificate fingerprints: MD5 SHA1 SHA256 Signature Algorithm: SHA1withRSA private SslContextFactory initializeSecurity () { SslContextFactory sslFactory = new SslContextFactory(); EncryptionHelper helper = new EncryptionHelper(seed); char[] decrypted = helper.decrypt(keystoreValue).toCharArray(); if (isClientMode()) { sslFactory.setKeyStoreFilePath(getKeystorePath() + "/" + "ignite-client.jks"); sslFactory.setKeyStorePassword(decrypted); sslFactory.setTrustManagers(SslContextFactory.getDisabledTrustManager()); } else { sslFactory.setKeyStoreFilePath(getKeystorePath() + "/" + "ignite-server.jks"); sslFactory.setKeyStorePassword(decrypted); sslFactory.setTrustStoreFilePath(getKeystorePath() + "/" + "ignite-trust.jks"); sslFactory.setTrustStorePassword(decrypted); } return sslFactory; } -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Random-SSL-unsupported-record-version-tp8236.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.