Alexey Kukushkin created IGNITE-16496:
-----------------------------------------

             Summary: SSLException: closing inbound before receiving peer's close_notify (TLS 1.3)
                 Key: IGNITE-16496
                 URL: https://issues.apache.org/jira/browse/IGNITE-16496
             Project: Ignite
          Issue Type: Bug
    Affects Versions: 2.12
            Reporter: Alexey Kukushkin


Ignite nodes output the warning below on startup when TLS protocol v1.3 is used:
{noformat}
2022-02-08 11:53:05.705  WARN 19384 --- [1:62095]-#4-#51] o.a.i.spi.discovery.tcp.TcpDiscoverySpi  : Failed to shutdown socket: closing inbound before receiving peer's close_notify

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
   at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:745) ~[na:na]
   at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:724) ~[na:na]
   at org.apache.ignite.internal.util.IgniteUtils.close(IgniteUtils.java:4249) ~[ignite-core-2.12.0.jar!/:2.12.0]
   at org.apache.ignite.spi.discovery.tcp.ServerImpl$SocketReader.body(ServerImpl.java:7370) ~[ignite-core-2.12.0.jar!/:2.12.0]
   at org.apache.ignite.spi.IgniteSpiThread.run(IgniteSpiThread.java:58) ~[ignite-core-2.12.0.jar!/:2.12.0]
{noformat}
To reproduce the problem just start two server nodes with TLS v1.3 enabled and 
the warnings will be printed in the log before the cluster is formed.
h3. Analysis

The problem _probably_ happens due to [this code|https://github.com/apache/ignite/blob/2.12.0/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java#L4426] calling {{Socket#shutdownInput()}} before receiving the SSL {{close_notify}} alert, which TLS 1.3 is expecting. I guess the right approach to close an SSL socket is just calling {{Socket#close}}, which should properly wait/send a {{close_notify}}.



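The close pattern suggested in the analysis above, as an added example that is not part of the original report and not Ignite's code or its eventual fix. The class name {{SocketCloser}} and its {{close}} method are hypothetical; the sketch assumes that half-closing is only wanted for plain TCP sockets and that TLS sockets should go straight to {{Socket#close}}.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLSocket;

/** Hypothetical helper (not Ignite code): closes a socket without forcing a TLS half-close. */
public final class SocketCloser {
    private SocketCloser() {}

    /**
     * Closes the socket and returns the first I/O error seen, or null if none,
     * so the caller decides whether it is worth a log line.
     */
    public static IOException close(Socket sock) {
        if (sock == null || sock.isClosed())
            return null;
        IOException first = null;
        // Plain TCP only: half-close both directions before close().
        // For SSLSocket, shutdownInput() throws the SSLException quoted in this report
        // when the peer's close_notify has not arrived, so the closure alert
        // is left to SSLSocket#close(), as the report suggests.
        if (!(sock instanceof SSLSocket) && sock.isConnected()) {
            try {
                if (!sock.isInputShutdown())
                    sock.shutdownInput();
                if (!sock.isOutputShutdown())
                    sock.shutdownOutput();
            } catch (IOException e) {
                first = e;
            }
        }
        try {
            sock.close();
        } catch (IOException e) {
            if (first == null)
                first = e;
        }
        return first;
    }

    /** Constructed demo on a plain loopback connection; a TLS run needs key material and is omitted. */
    public static void main(String[] args) throws IOException {
        try (ServerSocket srv = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
             Socket client = new Socket(srv.getInetAddress(), srv.getLocalPort());
             Socket accepted = srv.accept()) {
            IOException err = close(accepted);
            System.out.println("closed=" + accepted.isClosed() + " error=" + err);
        }
    }
}
```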