[jira] [Created] (NIFI-13369) 2.0.0-M3 Zookeeper TLS connection issue

Wed, 05 Jun 2024 12:15:38 -0700 

Night Gryphon created NIFI-13369:
------------------------------------

             Summary: 2.0.0-M3 Zookeeper TLS connection issue
                 Key: NIFI-13369
                 URL: https://issues.apache.org/jira/browse/NIFI-13369
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework, Security
    Affects Versions: 2.0.0-M3
         Environment: Ubuntu 22.04. 
NiFi: OpenJDK-21
Zookeeper: OpenJDK-11
            Reporter: Night Gryphon


After upgrading from 2.0.0-M2 to M3 NiFi can't connect existing Zookeeper 
cluster using SSL/TLS. That blocks upgrade to M3.

Looks like TLS version mismatch but NiFi don't have corresponding setting for 
zookeeper client TLS version.

Below is the error log
{code:java}
2024-06-05 20:21:14,543 INFO [epollEventLoopGroup-2-1] 
o.apache.zookeeper.ClientCnxnSocketNetty SSL handler added for channel: [id: 
0x5e8f288a]
2024-06-05 20:21:14,544 INFO [epollEventLoopGroup-2-1] 
o.apache.zookeeper.ClientCnxnSocketNetty channel is connected: [id: 0x5e8f288a, 
L:/10.10.0.145:14916 - R:zk3.nifi-test/10.10.0.14
3:2182]
2024-06-05 20:21:14,549 ERROR [epollEventLoopGroup-2-1] 
o.apache.zookeeper.ClientCnxnSocketNetty Unexpected throwable
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: 
Received fatal alert: protocol_version
    at 
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
    at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at 
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at 
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at 
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:801)
    at 
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:501)
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:399)
    at 
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at 
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: 
protocol_version
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287)
    at 
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
    at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
    at 
java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
    at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
    at 
io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:310)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1445)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387)
    at 
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at 
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    ... 15 common frames omitted
2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] 
o.apache.zookeeper.ClientCnxnSocketNetty channel is told closing
2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] 
o.apache.zookeeper.ClientCnxnSocketNetty channel is disconnected: [id: 
0x5e8f288a, L:/10.10.0.145:14916 ! R:zk3.nifi-test/10.10.0
.143:2182]
 {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to