[ https://issues.apache.org/jira/browse/CASSANDRA-14842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662348#comment-16662348 ]
Tommy Stendahl edited comment on CASSANDRA-14842 at 10/25/18 11:38 AM: ----------------------------------------------------------------------- The issue when upgrading from 3.0.x still remains the same. I activated wire trace in {{NettyFactory.java}} to get some more logging. {noformat} 2018-10-24T15:13:31.724+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] REGISTERED 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] ACTIVE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] USER_EVENT: SslHandshakeCompletionEvent(javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled) 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:121 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] EXCEPTION: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ... 14 common frames omitted 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] ERROR o.a.c.n.a.InboundHandshakeHandler:300 exceptionCaught Failed to properly handshake with peer /10.216.193.243:60911. Closing the channel. io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ... 14 common frames omitted 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] CLOSE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] READ COMPLETE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] USER_EVENT: SslCloseCompletionEvent(java.nio.channels.ClosedChannelException) 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] INACTIVE 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] CLOSE 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] UNREGISTERED {noformat} I will see if I can enable the ssl debugging also. was (Author: tommy_s): I have done some more testing during the day and upgrading from 3.11.3 seams to be working, I will verify this tomorrow just be sure. The issue when upgrading from 3.0.x still remains the same. I activated wire trace in {{NettyFactory.java}} to get some more logging. {noformat} 2018-10-24T15:13:31.724+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] REGISTERED 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] ACTIVE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 - R:/10.216.193.243:60911] USER_EVENT: SslHandshakeCompletionEvent(javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled) 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:121 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] EXCEPTION: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ... 14 common frames omitted 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] ERROR o.a.c.n.a.InboundHandshakeHandler:300 exceptionCaught Failed to properly handshake with peer /10.216.193.243:60911. Closing the channel. io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ... 14 common frames omitted 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] CLOSE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] READ COMPLETE 2018-10-24T15:13:31.725+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] USER_EVENT: SslCloseCompletionEvent(java.nio.channels.ClosedChannelException) 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] INACTIVE 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] CLOSE 2018-10-24T15:13:31.726+0200 [MessagingService-NettyInbound-Thread-3-3] INFO i.n.u.internal.logging.Slf4JLogger:101 info [id: 0x68a0cdd6, L:/10.216.193.242:12701 ! R:/10.216.193.243:60911] UNREGISTERED {noformat} I will see if I can enable the ssl debugging also. > SSL connection problems when upgrading to 4.0 when upgrading from 3.0.x > ----------------------------------------------------------------------- > > Key: CASSANDRA-14842 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14842 > Project: Cassandra > Issue Type: Bug > Reporter: Tommy Stendahl > Priority: Blocker > > While testing to upgrade from 3.0.15 to 4.0 the old nodes fails to connect to > the 4.0 node, I get this exception on the 4.0 node: > > {noformat} > 2018-10-22T11:57:44.366+0200 ERROR [MessagingService-NettyInbound-Thread-3-8] > InboundHandshakeHandler.java:300 Failed to properly handshake with peer > /10.216.193.246:58296. Closing the channel. > io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: > SSLv2Hello is disabled > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) > at > io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) > at > io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) > at > io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) > at > io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) > at > io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) > at > io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) > at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) > at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) > at > io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) > at > io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) > at java.lang.Thread.run(Thread.java:748) > Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled > at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637) > at sun.security.ssl.InputRecord.read(InputRecord.java:527) > at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382) > at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962) > at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275) > at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221) > at > io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) > at > io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) > ... 14 common frames omitted{noformat} > In the server encryption options on the 4.0 node I have both "enabled and > "enable_legacy_ssl_storage_port" set to true so it should accept incoming > connections on the "ssl_storage_port". > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org