This is an automated email from the ASF dual-hosted git repository.
jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 2d9afef27d2 Throw exception when client with ssl try to connect with
server without ssl (#16504)
2d9afef27d2 is described below
commit 2d9afef27d2becdf309b37328d521e47ab1a5f9e
Author: Haonan <[email protected]>
AuthorDate: Sun Sep 28 16:07:33 2025 +0800
Throw exception when client with ssl try to connect with server without ssl
(#16504)
---
example/jdbc/pom.xml | 8 +++++
.../apache/iotdb/rpc/TElasticFramedTransport.java | 17 +++++++++-
.../iotdb/rpc/TElasticFramedTransportTest.java | 37 ++++++++++++++++++++++
3 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/example/jdbc/pom.xml b/example/jdbc/pom.xml
index 54899831be4..83f397d63ef 100644
--- a/example/jdbc/pom.xml
+++ b/example/jdbc/pom.xml
@@ -39,5 +39,13 @@
<artifactId>iotdb-jdbc</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
</dependencies>
</project>
diff --git
a/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java
b/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java
index 5cc626fff2f..05a6a83117d 100644
---
a/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java
+++
b/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java
@@ -149,13 +149,28 @@ public class TElasticFramedTransport extends TTransport {
TTransportException.CORRUPTED_DATA,
"Singular frame size ("
+ size
- + ") detected, you may be sending HTTP GET/POST requests to
the Thrift-RPC port, please confirm that you are using the right port");
+ + ") detected, you may be sending HTTP GET/POST requests to
the Thrift-RPC port, "
+ + "please confirm that you are using the right port");
} else {
throw new TTransportException(
TTransportException.CORRUPTED_DATA,
"Frame size (" + size + ") larger than protect max size (" +
thriftMaxFrameSize + ")!");
}
}
+
+ int high24 = size >>> 8;
+ if (high24 >= 0x160300 && high24 <= 0x160303 && (i32buf[3] & 0xFF) <=
0x02) {
+ // The typical TLS ClientHello requests start with 0x160300 ~ 0x160303
+ // The 4th byte is typically in [0x00, 0x01, 0x02].
+ close();
+ throw new TTransportException(
+ TTransportException.CORRUPTED_DATA,
+ "Singular frame size ("
+ + size
+ + ") detected, you may be sending TLS ClientHello requests to
the Non-SSL Thrift-RPC"
+ + " port, please confirm that you are using the right
configuration");
+ }
+
readBuffer.fill(underlying, size);
}
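Review bot: The TLS ClientHello check is placed after the block that ends in the "larger than protect max size" throw, so it appears reachable only when the configured max frame size is at least about 0x16030000 (roughly 352 MiB). With a smaller limit, a TLS client hitting the plaintext port would presumably still get the generic frame-size message instead of the new hint. Consider running the `high24 >= 0x160300 && high24 <= 0x160303 && (i32buf[3] & 0xFF) <= 0x02` test before the size-limit comparison, or inside that branch next to the HTTP GET/POST case. The match also closes the transport on the twelve legitimate frame lengths that share this prefix, which is worth a comment such as `// Also rejects real frames whose length has this prefix; accepted for the clearer misconfiguration error`. The enclosing method and the condition of the size-limit `if` start outside the hunk, so the ordering is inferred from the visible tail.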
diff --git
a/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java
b/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java
index 086dc338250..d9e99ec8232 100644
---
a/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java
+++
b/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java
@@ -67,5 +67,42 @@ public class TElasticFramedTransportTest {
"Singular frame size (1347375956) detected, you may be sending HTTP
GET/POST requests to the Thrift-RPC port, please confirm that you are using the
right port",
e.getMessage());
}
+
+ try {
+ TElasticFramedTransport transport =
+ new TElasticFramedTransport(
+ new
TByteBuffer(ByteBuffer.wrap(getTypicalTLSClientHelloByteArray())),
+ 128 * 1024 * 1024,
+ 512 * 1024 * 1024,
+ false);
+ transport.open();
+ transport.read(ByteBuffer.allocate(4096));
+ fail("Exception expected");
+ } catch (TTransportException e) {
+ assertEquals(
+ "Singular frame size (369296129) detected, you may be sending TLS
ClientHello requests to the Non-SSL Thrift-RPC port, please confirm that you
are using the right configuration",
+ e.getMessage());
+ }
+ }
+
+ private static byte[] getTypicalTLSClientHelloByteArray() {
+ String clientHelloHex =
+
"16030301B3010001AF0303CEC349A4962AFCE0390D4E33D24050D1BF6B1CA63B190A25"
+ +
"BCFB83D87A3E352C20187B978A0EB2F554EC0E41A4CA34B850B2CE472EAB7B3F58443DE7CDBE901412004A13"
+ +
"0213011303C02CC02BCCA9C030CCA8C02F009FCCAA00A3009E00A2C024C028C023C027006B006A00670040C0"
+ +
"0AC014C009C0130039003800330032009D009C003D003C0035002F00FF0100011C000500050100000000000A"
+ +
"00160014001D001700180019001E01000101010201030104000B000201000011000900070200040000000000"
+ +
"17000000230000000D002C002A040305030603080708080804080508060809080A080B040105010601040203"
+ +
"0303010302020302010202002B00050403040303002D000201010032002C002A040305030603080708080804"
+ +
"080508060809080A080B04010501060104020303030103020203020102020033006B0069001D002097B98B24"
+ +
"B9A97EB7C913BDB8B363E79C9D47935264B2CF83BF422571FBD41C360017004104FC839279D372DCB60680D2"
+ +
"81B3DC8D3B88F6231A880A3650FD45322A79C9EA14CE073C0B71FC0AF9683BFC6DA95EB23B4122EC9E09EB7F"
+ + "88FF565415DDF44367";
+ byte[] bytes = new byte[clientHelloHex.length() / 2];
+ for (int i = 0; i < clientHelloHex.length(); i += 2) {
+ int value = Integer.parseInt(clientHelloHex.substring(i, i + 2), 16);
+ bytes[i / 2] = (byte) value;
+ }
+ return bytes;
}
}
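Review bot: The new case builds the transport with `128 * 1024 * 1024` and `512 * 1024 * 1024`, and the larger value (presumably the max frame size) is above the ClientHello's apparent length 369296129. The test therefore only covers the configuration in which the size-limit check does not fire first. A second case with a limit below that value would pin which message an operator sees when a TLS client reaches a non-SSL port on a server with a smaller frame cap. The fixture is also a single capture with record version `0x0303`; a variant starting `160301` would cover the other end of the accepted range, since the production check accepts `0x160300` through `0x160303`. A short comment on `getTypicalTLSClientHelloByteArray` saying where the capture came from would help future maintainers regenerate it.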