Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Linkerd Docker image fails to use BoringSSL on Linux
See original GitHub issueAs initially reported on Discourse, proxying H2 TLS connections with the the linkerd:latest Docker image fails with the message “JDK provider does not support NPN_AND_ALPN protocol”. This message appears to indicate that BoringSSL is not being used and Linkerd is falling back to the JDK-provided SSL implementation.
Curiously, this issue only seems to exist when the Docker image is run from a Linux host – I originally attempted to reproduce the issue on macOS and everything worked fine. After trying the same configuration on Linux in GCE, I was able to reproduce the issue.
Issue Analytics
- State:
- Created 6 years ago
- Comments:12 (12 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
suspect ?
https://github.com/twitter/finagle/blob/develop/finagle-netty4/src/main/scala/com/twitter/finagle/netty4/ssl/client/Netty4ClientEngineFactory.scala#L60
https://github.com/linkerd/linkerd/blob/master/finagle/buoyant/src/main/scala/com/twitter/finagle/buoyant/TlsClientConfig.scala#L21
error is coming from netty’s
JdkSslContext.javabecause it only supportsALPNandNPN, notNPN_AND_ALPN: https://github.com/netty/netty/blob/4.1/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java#L312looks like finagle sets this protocol explicitly: https://github.com/twitter/finagle/blob/develop/finagle-netty4/src/main/scala/com/twitter/finagle/netty4/ssl/Netty4SslConfigurations.scala#L73