Tommy Stendahl created CASSANDRA-14842: ------------------------------------------
Summary: SSL connection problems when upgrading to 4.0 Key: CASSANDRA-14842 URL: https://issues.apache.org/jira/browse/CASSANDRA-14842 Project: Cassandra Issue Type: Bug Reporter: Tommy Stendahl While testing to upgrade from 3.0.15 to 4.0 the old nodes fails to connect to the 4.0 node, I get this exception on the 4.0 node: {noformat} 2018-10-22T11:57:44.366+0200 ERROR [MessagingService-NettyInbound-Thread-3-8] InboundHandshakeHandler.java:300 Failed to properly handshake with peer /10.216.193.246:58296. Closing the channel. io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ... 14 common frames omitted{noformat} In the server encryption options on the 4.0 node I have both "enabled and "enable_legacy_ssl_storage_port" set to true so it should accept incoming connections on the "ssl_storage_port". I have also tried to upgrade from 3.11.3 to 4.0 and this was also unsuccessful. the 4.0 node does not establish any connection to the old nodes but I can't find any errors in the logs. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org