Thanks again Koji for replying and understanding my concern, I did apply the changes you suggested but still i'm getting same SSLHandshake error. I believe the Site2Site Remote Listener doesn't run a server socket with the hostname we specify in *'nifi.remote.input.host'* in nifi.properties instead it uses wildcard ipaddress *0.0.0.0* to bind serversocket to all network interfaces to listen for incoming request from site-to-site client, please check this line of code - link for code line in socketremotelisterner class <https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java#L97> . Since the serversocket is listening on all network interfaces and it waits for the client to accept the connection, it runs a continuous while loop waiting to accept the connection from client, please check this segment of code as well https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java#L123-L129 <https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java#L123-L129> . In kubernetes, some anonymous client is able to get through the connection to serversocket and while performing handshake its throwing the SSLHandshake error.
This anonymous client has hostname which as ip-10-200-25-3.compute.internal with randorm port and thats how the socketremotelisterner tries to creates SSLsocketchannel with this anonymous client and it throws the error. Please see the attached image i created explaining the root cause for this error, Please do suggest if I'm correct or wrong. <http://apache-nifi-developer-list.39713.n7.nabble.com/file/t869/s2s-error.png> Thanks again, Nadeem -- Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/