  1. Qpid
  2. QPID-8519

Improve broker logs for SSL handshake failure caused by invalid SNI


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: qpid-java-broker-8.0.4
    • Fix Version/s: None
    • Component/s: Broker-J
    • Labels:
      None

      Description

      During the SSL handshake, if the SNI header is set to an invalid string, it results in an SSL handshake failure. However, this is logged as an info log in the broker logs. This can be improved by adding operational logs for invalid SNI.

      Info log:
      2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'

      Debug log trace:
      2021-03-11 20:36:55,355 DEBUG [IO-/10.161.230.90:52006] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:52006'
      org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to create SNIHostName from string 'Test_Dev'
      at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1077)
      at org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.processData(NonBlockingConnectionTLSDelegate.java:105)
      at org.apache.qpid.server.transport.NonBlockingConnection.doRead(NonBlockingConnection.java:496)
      at org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:270)
      at org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:134)
      at org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:575)
      at org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:366)
      at org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:97)
      at org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:533)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at java.net.IDN.toASCIIInternal(IDN.java:296)
      at java.net.IDN.toASCII(IDN.java:122)
      at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
      at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1073)
      ... 12 common frames omitted
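
A log check for the failure described above, as an added example that is not part of the original issue or the Qpid code base: it scans broker log text for the INFO line quoted in the description and reports the peer, the rejected SNI string and the ASCII characters in it that are not letters, digits or hyphen. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: line 1 is the INFO entry quoted in the issue; lines 2-4 are
# constructed for this example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'
2021-03-12T08:30:15,002Z INFO [IO-/192.0.2.7:40000] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.7:40000' : Failed to create SNIHostName from string 'broker one'
2021-03-12T08:30:16,120Z INFO [IO-/10.161.230.90:51560] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51560' : Failed to create SNIHostName from string 'Test_Dev'
2021-03-12T08:30:17,000Z INFO [IO-/192.0.2.9:40100] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.9:40100' : Connection reset by peer
"""

# Matches only the SNI failure message; other I/O exceptions are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) INFO \[IO-/(?P<ip>[^:\]]+):(?P<port>\d+)\] "
    r"\(o\.a\.q\.s\.t\.NonBlockingConnection\) - .*"
    r"Failed to create SNIHostName from string '(?P<sni>.*)'$"
)
LDH = re.compile(r"[A-Za-z0-9-]")  # letters, digits, hyphen

def non_ldh_chars(name):
    """ASCII characters (dots excluded) that are not letters, digits or hyphen."""
    return sorted({c for c in name
                   if c.isascii() and c != "." and not LDH.fullmatch(c)})

def find_invalid_sni(log_text):
    """Return one record per invalid-SNI handshake failure found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": m["ts"], "peer": m["ip"], "sni": m["sni"],
                           "non_ldh": non_ldh_chars(m["sni"])})
    return events

def peers_by_count(events):
    """Count failures per peer address to spot a misconfigured or noisy client."""
    return Counter(e["peer"] for e in events)

if __name__ == "__main__":
    found = find_invalid_sni(SAMPLE_LOG)
    for e in found:
        print(e)
    print(peers_by_count(found).most_common())
```
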

            People

            • Assignee:
              Unassigned
              Reporter:
              DedeepyaT Dedeepya