[ 
https://issues.apache.org/jira/browse/HBASE-30212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088074#comment-18088074
 ] 

Hudson commented on HBASE-30212:
--------------------------------

Results for branch branch-3
        [build #575 on 
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/575/]: 
(/) *{color:green}+1 overall{color}*
----
details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/575/General_20Nightly_20Build_20Report/]








(/) {color:green}+1 jdk17 hadoop3 checks{color}
-- For more information [see jdk17 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/575/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]


> Netty should allow every supported TLS ciphers by default
> ---------------------------------------------------------
>
>                 Key: HBASE-30212
>                 URL: https://issues.apache.org/jira/browse/HBASE-30212
>             Project: HBase
>          Issue Type: Bug
>          Components: encryption
>            Reporter: Balazs Meszaros
>            Assignee: Balazs Meszaros
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.0.0-alpha-1, 3.0.0-beta-2
>
>
> Netty has an internal list of default ciphers which differs from the ciphers 
> supported by the JRE. When we set 
> {{hbase.rpc.tls.ciphersuites=TLS_CHACHA20_POLY1305_SHA256}} on the 
> server side, clients are no longer able to connect to the HBase server, 
> because this cipher is not in Netty's default cipher list: a client left at 
> its defaults never offers it, so the handshake finds no cipher suite in common. 
> This cipher is a *mandatory* cipher suite for TLSv1.3.
> We should make the _default_ cipher list less strict on the client side.
> This is the error message when we leave the cipher list at its default on the 
> client side:
> {noformat}
> [RS-EventLoopGroup-1-2]: Connection /10.140.140.193:55120; caught unexpected 
> downstream exception.
> org.apache.hbase.thirdparty.io.netty.handler.codec.DecoderException: 
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:515)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.handlerRemoved(ByteToMessageDecoder.java:270)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:553)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:484)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:805)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:501)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:399)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:998)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
>  [hbase-shaded-netty-4.1.11.jar:?]
>       at java.lang.Thread.run(Thread.java:833) [?:?]
> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
>       at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
>       at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
>       at sun.security.ssl.TransportContext.fatal(TransportContext.java:358) 
> ~[?:?]
>       at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) 
> ~[?:?]
>       at sun.security.ssl.TransportContext.fatal(TransportContext.java:305) 
> ~[?:?]
>       at 
> sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(ServerHello.java:539)
>  ~[?:?]
>       at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) ~[?:?]
>       at 
> sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)
>  ~[?:?]
>       at 
> sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)
>  ~[?:?]
>       at 
> sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
>  ~[?:?]
>       at 
> sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
>  ~[?:?]
>       at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
>       at 
> sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?]
>       at 
> sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
>  ~[?:?]
>       at 
> sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
>  ~[?:?]
>       at 
> java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?]
>       at 
> sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) 
> ~[?:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:545)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       at 
> org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:484)
>  ~[hbase-shaded-netty-4.1.11.jar:?]
>       ... 22 more
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
