New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS handshake error when bumping netty to 4.1.69.Final and tcnative to 2.0.44.Final #8605
Comments
(Lurking. Curious if this test failure is due in part or whole to Netty having turned off TLS 1.) |
The first failure is because of error mismatch (io exception instead of ssl exception) which does not seem like a big issue. The second one - I don't see any connection with disabling TLS1 but needs to be investigated |
I've noticed the first failure doesn't occur (on my Mac) with JDK 8u301 in case that helps (if I understand right this project is still pinned on JDK 8). I also now receive the following on the console when I run
…suggesting that the problem was more than a simple exception mismatch brought on by an upgrade and may indeed have to do with protocol negotiation. But I am still just speculating. I'm still looking into the second issue. |
More findings: I can make all our Helidon gRPC-related tests pass by setting the |
By adding:
…to |
Filed: netty/netty-tcnative#680 |
@normanmaurer this issue is still occurring on Macos and Windows. Will the fix for netty/netty-tcnative#680 (which is netty/netty#11854) not work on MacOS and Windows? What else is needed? More information is available from tests in #8780 and #8813 . Some findings:
|
thats interesting.. there shouldn't be any other changes needed. |
@sanjaypujare can I somehow get the debug logs of netty for these failed test runs ? |
Sure. I'll add what I have to this issue. If you want more info/background we can also communicate out-of-band. |
This is the stack trace on our MacOS (Catalina) build machine for the failing test
I had added some more debug statements
|
Similar debug info from the Windows build:
And the debug info
Pls let me know what other info I can provide. Thanks a lot your help. |
@normanmaurer I did some extra tests with Netty 4.1.69.final: #8815. I don't think the root cause of the behavior we see right with Reproducing with 4.1.69
Reproducing with 4.1.69 and tasks off
|
Correction: @ejona86 clarified that |
The error was
Which indicated TLS downgrade. Now we have an idea what's going on; @sanjaypujare will provide more info. |
@normanmaurer I think we know what's going on so there is no need for you to look into it any more (thanks @ejona86!) Basically this change of yours (netty/netty@fd47554#diff-e74d47f955fb4fbcb149ffbbddbc4d8e30b3fa425c0d7695537aa5498efe34cc) is causing a downgrade to TLSv1.2 on certain build machines of ours because of using an older JDK. So the test fails because of an unexpected exception. Now that we know what's going on (and there are no regressions in the dependencies) we will just modify the test. |
Thanks @sergiitk for helping with the investigations. That was extremely helpful! |
@sanjaypujare, is this resolved? |
@ejona86 Yes. I think this change d7f951a#diff-fc866201c5932cf1dec945fc83bd251bdf942c65fc1f84e545e8d75f46942820R423 fixes this. Closing it.... |
https://source.cloud.google.com/results/invocations/71e5d11c-8ed1-421a-86a0-b646f0eecb74/targets/grpc%2Fjava%2Fmaster%2Fpresubmit%2Fmacos/log
The text was updated successfully, but these errors were encountered: