Night Gryphon created NIFI-13369: ------------------------------------ Summary: 2.0.0-M3 Zookeeper TLS connection issue Key: NIFI-13369 URL: https://issues.apache.org/jira/browse/NIFI-13369 Project: Apache NiFi Issue Type: Bug Components: Core Framework, Security Affects Versions: 2.0.0-M3 Environment: Ubuntu 22.04. NiFi: OpenJDK-21 Zookeeper: OpenJDK-11 Reporter: Night Gryphon
After upgrading from 2.0.0-M2 to M3 NiFi can't connect existing Zookeeper cluster using SSL/TLS. That blocks upgrade to M3. Looks like TLS version mismatch but NiFi don't have corresponding setting for zookeeper client TLS version. Below is the error log {code:java} 2024-06-05 20:21:14,543 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty SSL handler added for channel: [id: 0x5e8f288a] 2024-06-05 20:21:14,544 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is connected: [id: 0x5e8f288a, L:/10.10.0.145:14916 - R:zk3.nifi-test/10.10.0.14 3:2182] 2024-06-05 20:21:14,549 ERROR [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty Unexpected throwable io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:801) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:501) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:399) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:1583) Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:310) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1445) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469) ... 15 common frames omitted 2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is told closing 2024-06-05 20:21:14,549 INFO [epollEventLoopGroup-2-1] o.apache.zookeeper.ClientCnxnSocketNetty channel is disconnected: [id: 0x5e8f288a, L:/10.10.0.145:14916 ! R:zk3.nifi-test/10.10.0 .143:2182] {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)