Recent commit breaks Mutual TLS
See original GitHub issueCommit f20063d26b640cb4121e092b5a3a0bb4c0a10eb5 appears to break Mutual TLS in the sense that the connection just hangs. There’re no Exceptions as far as I can tell and the only failure I’m getting is when the events in SslHandler#channelInactive(…) fire.
Interestingly, the problem occurs only in our production environment (which has more load, latencies and RTTs between servers). The problem doesn’t occur on my dev workstation (i.e. unable to reproduce in the form of a unit test).
Reverting the commit fixes the problem for me.
Expected behavior
Actual behavior
Steps to reproduce
Minimal yet complete reproducer code (or URL to code)
Netty version
4.1.12.Final-SNAPSHOT w/ TCN 2.0.2.Final-SNAPSHOT (openssl-static)
JVM version (e.g. java -version
)
OS version (e.g. uname -a
)
Issue Analytics
- State:
- Created 6 years ago
- Comments:12 (12 by maintainers)
Top Results From Across the Web
The NSA Warns of TLS Inspection - Schneier on Security
To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network.
Read more >Mixed authentication with client certificate breaks auth on ...
When you enable mutual tls or certificate check on domain, it will mean that server should ask client for client certificate. So if...
Read more >FIGHTING BACK AGAINST SSL INSPECTION, OR HOW SSL ...
Mutual Authentication and SSL Interception. A solution for resisting SSL interception without breaking compatibility or requiring cooperation ...
Read more >Mutual TLS between GitLab and Gitaly (#37090) · Issues
Problem to solve Allow mutual TLS between GitLab and Gitaly when using an external Gitaly server.
Read more >In Defense of Mutual TLS | Hacker News
First: TLS (and mTLS) create secure channels. A channel bears many requests and responses. In many designs, a single channel will bear ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@Scottmitch here are the results for #6803
openssl_wrap_status w/ OPENSSL: works
openssl_wrap_status w/ JDK: works
@Scottmitch I’ll test JDK and the patch tomorrow.