Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-7168

Broker shutdown during SSL handshake may be handled as handshake failure

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.2, 1.1.1, 2.0.0
    • Fix Version/s: 2.0.0
    • Component/s: security
    • Labels:
      None

      Description

      If broker is shutdown while SSL handshake of a client connection is in progress, the client may process the resulting SSLException as a non-retriable handshake failure rather than a retriable I/O exception. This can cause streams applications to fail during rolling restarts.

      Exception stack trace:

      org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
      Caused by: javax.net.ssl.SSLException: Received close_notify during handshake
              at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
              at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
              at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
              at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1752)
              at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1068)
              at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:890)
              at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
              at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
              at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:465)
              at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:266)
              at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:88)
              at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:474)
              at org.apache.kafka.common.network.Selector.poll(Selector.java:412)
              at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:460)
              at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:258)
              at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:230)
              at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:206)
              at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:219)
              at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:205)
              at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.poll(ConsumerCoordinator.java:284)
              at org.apache.kafka.clients.consumer.KafkaConsumer.pollOnce(KafkaConsumer.java:1146)
              at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1111)
              at org.apache.kafka.streams.processor.internals.StreamThread.pollRequests(StreamThread.java:848)
              at org.apache.kafka.streams.processor.internals.StreamThread.runOnce(StreamThread.java:805)
              at org.apache.kafka.streams.processor.internals.StreamThread.runLoop(StreamThread.java:771)
              at org.apache.kafka.streams.processor.internals.StreamThread.run(StreamThread.java:741)

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rsivaram Rajini Sivaram
                Reporter:
                rsivaram Rajini Sivaram
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: