[
https://issues.apache.org/jira/browse/ZOOKEEPER-4861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry Chung updated ZOOKEEPER-4861:
-----------------------------------
Description:
TLS is not established after the following warning message:
{{2024-09-06 20:55:34,307 [myid:] - WARN
[epollEventLoopGroup-4-1:o.a.z.s.NettyServerCnxnFactory$CnxnChannelHandler@302]
- Exception }}
{\{caught }}
{{{}io.netty.handler.codec.DecoderException:
javax.net.ssl.SSLHandshakeException: The client supported protocol versions
[TLSv1.2] are n{}}}{{{}ot accepted by server preferences [TLS13] {{}}}}
{\{ at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
}}
{\{ at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
}}
{\{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
}}
{\{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
}}
{\{ at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
}}
{\{ at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
}}
{\{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)}}
During the startup, zookeeper logs:
{{2024-09-06 20:54:49,778 [myid:] - INFO [main:o.a.z.c.X509Util@110] - Default
TLS protocol is TLSv1.3, supported TLS protocols are [ {{TLSv1.3, TLSv1.2,
TLSv1.1, TLSv1, SSLv3, SSLv2Hello]}}}}
This was noticed on the following environment:
* Zookeeper Client (3.9.0) - Zookeeper Server (3.9.1): When Zookeeper server
is running with Java 21. Client java version does not matter. This works with
Java 17.
* Zookeeper Client (3.9.1) - Zookeeper Server (3.9.2): It happens for Java 17
and Java 21
was:
TLS is not established after the following warning message:
{{2024-09-06 20:55:34,307 [myid:] - WARN
[epollEventLoopGroup-4-1:o.a.z.s.NettyServerCnxnFactory$CnxnChannelHandler@302]
- Exception }}
{{caught }}
{{{}io.netty.handler.codec.DecoderException:
javax.net.ssl.SSLHandshakeException: The client supported protocol versions
[TLSv1.2] are n{}}}{{{}ot accepted by server preferences [TLS13] {}}}
{{ at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
}}
{{ at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
}}
{{ at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
}}
{{ at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)}}
During the startup, zookeeper logs:
{{2024-09-06 20:54:49,778 [myid:] - INFO [main:o.a.z.c.X509Util@110] - Default
TLS protocol is TLSv1.3, supported TLS protocols are [ }}
{{TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello] }}
This was noticed on the following environment:
* Zookeeper Client (3.9.0) - Zookeeper Server (3.9.1): When Zookeeper server
is running with Java 21. Client java version does not matter. This works with
Java 17.
* Zookeeper Client (3.9.1) - Zookeeper Server (3.9.2): It happens for Java 17
and Java 21
> TLS compatibility issue
> -----------------------
>
> Key: ZOOKEEPER-4861
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4861
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.9.0, 3.9.1, 3.9.2
> Reporter: Jerry Chung
> Priority: Major
>
> TLS is not established after the following warning message:
> {{2024-09-06 20:55:34,307 [myid:] - WARN
> [epollEventLoopGroup-4-1:o.a.z.s.NettyServerCnxnFactory$CnxnChannelHandler@302]
> - Exception }}
> {\{caught }}
> {{{}io.netty.handler.codec.DecoderException:
> javax.net.ssl.SSLHandshakeException: The client supported protocol versions
> [TLSv1.2] are n{}}}{{{}ot accepted by server preferences [TLS13] {{}}}}
> {\{ at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
> }}
> {\{ at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
> }}
> {\{ at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
> }}
> {\{ at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
> }}
> {\{ at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
> }}
> {\{ at
> io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
> }}
> {\{ at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
> }}
> {{ at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)}}
> During the startup, zookeeper logs:
> {{2024-09-06 20:54:49,778 [myid:] - INFO [main:o.a.z.c.X509Util@110] -
> Default TLS protocol is TLSv1.3, supported TLS protocols are [ {{TLSv1.3,
> TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello]}}}}
>
> This was noticed on the following environment:
> * Zookeeper Client (3.9.0) - Zookeeper Server (3.9.1): When Zookeeper server
> is running with Java 21. Client java version does not matter. This works with
> Java 17.
> * Zookeeper Client (3.9.1) - Zookeeper Server (3.9.2): It happens for Java
> 17 and Java 21
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
