I guess the alternative would be for the client to automatically switch to SSL if it detected the server was using SSL? It is not currently doing that, as you discovered.
That might be a nice feature to have to support upgrading to SSL. At some point, it is important for users that want SSL to configure their client to only use SSL, to prevent downgrade attacks. I think we would consider a Geode change that turns on SSL by default to be a breaking change. I can imagine some users might want to upgrade to using SSL in their existing cluster. For clients, I think that could be accomplished by running both an SSL and non-SSL enabled locator, for example. I'm not sure if it's possible to switch the P2P messaging to use SSL with a rolling upgrade right now though.

-Dan

________________________________
From: Mario Salazar de Torres <mario.salazar.de.tor...@est.tech>
Sent: Tuesday, November 30, 2021 10:37 AM
To: dev@geode.apache.org <dev@geode.apache.org>
Subject: Client terminating when trying to connect to an SSL configured locator

Hi everyone,

During some tests, we've noted that if a client tries to connect to an SSL configured locator, and the client does not have SSL configured, it terminates due to an unhandled exception.
You can check the behaviour here for geode-native:
https://github.com/apache/geode-native/blob/develop/cppcache/src/ThinClientLocatorHelper.cpp#L147

And here for the Java client:
https://github.com/apache/geode/blob/develop/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java#L278

And here is the question. Do you know if there is any reason behind it?
Also, do you happen to know if there is any upgrade case in which SSL is enabled on the newer version? Because I am guessing this kind of upgrade might be problematic, right?

Thanks!
Mario
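The mismatch discussed in this thread can be recognised from the first bytes a peer sends back, so a client can report it cleanly rather than terminate. The following is an added example, not code from geode-native or from either author; all names are hypothetical, and it assumes a TLS-enabled locator answers a plaintext request either with a TLS record (typically a fatal alert) or by closing the connection.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical names; constructed for illustration, not geode-native code.
enum class PeerKind { Closed, TlsRecord, TlsFatalAlert, NotTls };
enum class Action { Proceed, ReportTlsMismatch, RefuseFallback, ReportClosed };

// Classify the first bytes a peer sent back.
// TLS record header: type(1) | major(1) = 3 | minor(1) | length(2, big-endian).
PeerKind classifyFirstBytes(const std::vector<std::uint8_t>& b) {
  if (b.empty()) return PeerKind::Closed;  // peer hung up without answering
  if (b.size() < 5) return PeerKind::NotTls;
  // 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data
  const bool typeOk = b[0] >= 20 && b[0] <= 23;
  const bool versionOk = b[1] == 3 && b[2] <= 4;
  const std::size_t len = (static_cast<std::size_t>(b[3]) << 8) | b[4];
  // A TLS 1.2 ciphertext record is at most 2^14 + 2048 bytes.
  if (!typeOk || !versionOk || len == 0 || len > 16384 + 2048) {
    return PeerKind::NotTls;
  }
  // Alert body is level(1) | description(1); level 2 means fatal.
  if (b[0] == 21 && len == 2 && b.size() >= 7 && b[5] == 2) {
    return PeerKind::TlsFatalAlert;
  }
  return PeerKind::TlsRecord;
}

// Policy: a plaintext client reports the mismatch instead of crashing, and a
// client that requires TLS never retries in plaintext, whatever the peer sent.
Action decide(bool clientRequiresTls, PeerKind peer) {
  if (peer == PeerKind::Closed) return Action::ReportClosed;
  if (clientRequiresTls) {
    return peer == PeerKind::TlsRecord ? Action::Proceed : Action::RefuseFallback;
  }
  return peer == PeerKind::NotTls ? Action::Proceed : Action::ReportTlsMismatch;
}
```

The `RefuseFallback` branch is the downgrade protection: once a client is configured for SSL only, no response from the network can move it back to plaintext.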