Alexey Kukushkin created IGNITE-16496: -----------------------------------------
Summary: SSLException: closing inbound before receiving peer's close_notify (TLS 1.3) Key: IGNITE-16496 URL: https://issues.apache.org/jira/browse/IGNITE-16496 Project: Ignite Issue Type: Bug Affects Versions: 2.12 Reporter: Alexey Kukushkin Ignite nodes output the warning below on startup when TLS protocol v1.3 is used: {noformat} 2022-02-08 11:53:05.705 WARN 19384 --- [1:62095]-#4-#51] o.a.i.spi.discovery.tcp.TcpDiscoverySpi : Failed to shutdown socket: closing inbound before receiving peer's close_notify javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:745) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:724) ~[na:na] at org.apache.ignite.internal.util.IgniteUtils.close(IgniteUtils.java:4249) ~[ignite-core-2.12.0.jar!/:2.12.0] at org.apache.ignite.spi.discovery.tcp.ServerImpl$SocketReader.body(ServerImpl.java:7370) ~[ignite-core-2.12.0.jar!/:2.12.0] at org.apache.ignite.spi.IgniteSpiThread.run(IgniteSpiThread.java:58) ~[ignite-core-2.12.0.jar!/:2.12.0] {noformat} To reproduce the problem just start two server nodes with TLS v1.3 enabled and the warnings will be printed in the log before the cluster is formed. h3. h3. Analysis The problem _probably_ happens due to [this code|https://github.com/apache/ignite/blob/2.12.0/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java#L4426] calling {{Socket#shutdownInput()}} before receiving SSL {{close_notify}} alert, which TLS 1.3 is expecting. I guess the right approach to close an SSL socket is just calling {{Socke#close}}, which should properly wait/send a {{close_notify}} -- This message was sent by Atlassian Jira (v8.20.1#820001)