[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption

Niten Aggarwal (JIRA) Tue, 16 Apr 2019 16:33:53 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16819595#comment-16819595
 ]


Niten Aggarwal commented on CASSANDRA-10735:
--------------------------------------------

Hi @Jason,

I tried upgrading my driver to 4.0 with SSL and getting below exception. 
Truststore is valid becaise if i change password, it gives me authentication 
error. I believe either it needs socket timeout setting?

Another question on this topic.. This Jira was suppose to solve " Support netty 
openssl (netty-tcnative) for client encryption" but as per configuration it 
only provides Default JDK ssl. How to enable SSL for openSSL?? If we have to 
write our custom SSL handler, I believe that's not the intent of Jira??

 

16:22:04.624 [s0-admin-1] WARN  c.d.o.d.i.c.c.ControlConnection - [s0] Error 
connecting to idpcsbmdevdpl002.vci.att.com/135.198.127.60:7011, trying next node
com.datastax.oss.driver.api.core.connection.ConnectionInitException: 
[s0|control|id: 0x8f1cc575, L:/135.165.156.72:62524 - 
R:idpcsbmdevdpl002.vci.att.com/135.198.127.60:7011] init query STARTUP: error 
writing 
    at 
com.datastax.oss.driver.internal.core.channel.ProtocolInitHandler$InitRequest.fail(ProtocolInitHandler.java:297)
    at 
com.datastax.oss.driver.internal.core.channel.ChannelHandlerRequest.writeListener(ChannelHandlerRequest.java:74)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:495)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:474)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415)
    at 
io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540)
    at 
io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533)
    at 
io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114)
    at 
io.netty.util.internal.PromiseNotificationUtil.tryFailure(PromiseNotificationUtil.java:64)
    at 
io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:57)
    at 
io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:31)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:476)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415)
    at 
io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540)
    at 
io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533)
    at 
io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114)
    at 
io.netty.util.internal.PromiseNotificationUtil.tryFailure(PromiseNotificationUtil.java:64)
    at 
io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:57)
    at 
io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:31)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:476)
    at 
io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415)
    at 
io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540)
    at 
io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533)
    at 
io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114)
    at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:847)
    at io.netty.handler.ssl.SslHandler.wrapAndFlush(SslHandler.java:810)
    at 
io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1255)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1231)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1272)
    at 
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
    at 
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
    at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
    at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337)
    at 
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
    at 
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930)
    at 
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
    at 
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677)
    at 
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612)
    at 
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491)
    at 
io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905)
    at 
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLException: SSLEngine closed already
    at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source)

> Support netty openssl (netty-tcnative) for client encryption
> ------------------------------------------------------------
>
>                 Key: CASSANDRA-10735
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Andy Tolbert
>            Assignee: Jason Brown
>            Priority: Normal
>             Fix For: 4.0
>
>         Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, 
> nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via 
> [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in 
> [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a 
> very measured improvement (numbers incoming on that ticket).   It seems 
> likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be 
> made the default, but rather be an option that one can use.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption

Reply via email to