SSL failures Netty 4.1.13 -> 4.1.14
See original GitHub issueI have fallen a little bit behind in the Netty releases and am in the process of upgrading from Netty 4.1.13 w/ netty-tcnative 2.0.5 (linux, openssl, custom static build) to Netty 4.1.14 with same netty-tcnative version.
We’re observing a failure where SSL is slowly failing and becoming more unreliable over a course of a couple of hours. Unreliable as in handshakes failing/hanging. It’s a degrading failure with no apparent external metrics such as servers running of memory or more CPU being consumed.
I’m going to bisect the 4.1.14 commits and hopefully find the source but if you’ve got ideas then let me know.
Expected behavior
Actual behavior
Steps to reproduce
Minimal yet complete reproducer code (or URL to code)
Netty version
JVM version (e.g. java -version
)
OS version (e.g. uname -a
)
Issue Analytics
- State:
- Created 6 years ago
- Comments:29 (26 by maintainers)
Top Results From Across the Web
Http2Exception (Netty API Reference (4.1.14.Final)) - javadoc.io
Used when a stream creation attempt fails but may be because the stream was previously closed. static class, Http2Exception.CompositeStreamException.
Read more >netty 4 client ssl configuration to request all https sites
Finally I solved issue by hacking TrustManager in code (found this technique on SO): TrustManager[] trustAllCerts = new TrustManager[]{ new ...
Read more >Netty 4.1.60.Final released - Netty.news
I am happy to announce the release of netty 4.1.60.Final, which beside fixing various bugs also contains a security fix which may affect...
Read more >Denial of Service in Netty - Vulners
An attacker could send a large ZlibEncoded byte stream to the Netty server ... this vulnerability using man-in-the-middle techniques to spoof an SSL...
Read more >io.netty.handler.ssl.SslHandler - Netty 4.1.72.Final 源码
本页提供 io.netty.handler.ssl.SslHandler 源码的在线查看和学习,来自 Netty 4.1.72.Final 源码 - 即时通讯网(52im.net)
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
thanks for your help tracking this down @rkapsi !
An update regards this issue. @Scottmitch and I worked directly (email, hangouts) on this and we narrowed it down to this condition
wrapDataSize > 0 and jdkCompatibilityMode=true
that triggered it.#7352 fixes it and #7354 addresses some confusion that emerged during debugging.
Thanks everybody.