Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-14842

SSL connection problems when upgrading to 4.0 when upgrading from 3.0.x

    XMLWordPrintableJSON

    Details

    • Severity:
      Normal

      Description

      While testing to upgrade from 3.0.15 to 4.0 the old nodes fails to connect to the 4.0 node, I get this exception on the 4.0 node:

       

      2018-10-22T11:57:44.366+0200 ERROR [MessagingService-NettyInbound-Thread-3-8] InboundHandshakeHandler.java:300 Failed to properly handshake with peer /10.216.193.246:58296. Closing the channel.
      io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
      at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
      at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
      at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
      at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
      at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
      at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808)
      at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417)
      at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317)
      at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
      at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
      at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637)
      at sun.security.ssl.InputRecord.read(InputRecord.java:527)
      at sun.security.ssl.EngineInputRecord.read(EngineInputRecord.java:382)
      at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:962)
      at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
      at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
      at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
      at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294)
      at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1275)
      at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1177)
      at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221)
      at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
      at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
      ... 14 common frames omitted

      In the server encryption options on the 4.0 node I have both "enabled and "enable_legacy_ssl_storage_port" set to true so it should accept incoming connections on the "ssl_storage_port".

       

        Attachments

          Activity

            People

            • Assignee:
              tommy_s Tommy Stendahl
              Reporter:
              tommy_s Tommy Stendahl
              Authors:
              Tommy Stendahl
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: