[jira] [Created] (KAFKA-7168) Broker shutdown during SSL handshake may be handled as handshake failure

Mon, 16 Jul 2018 06:55:17 -0700 

Rajini Sivaram created KAFKA-7168:
-------------------------------------

             Summary: Broker shutdown during SSL handshake may be handled as 
handshake failure
                 Key: KAFKA-7168
                 URL: https://issues.apache.org/jira/browse/KAFKA-7168
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 1.0.2, 1.1.1, 2.0.0
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram


If broker is shutdown while SSL handshake of a client connection is in 
progress, the client may process the resulting SSLException as a non-retriable 
handshake failure rather than a retriable I/O exception. This can cause streams 
applications to fail during rolling restarts.

Exception stack trace:

{quote}
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLException: Received close_notify during handshake
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1752)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1068)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:890)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at 
org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:465)
        at 
org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:266)
        at 
org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:88)
        at 
org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:474)
        at org.apache.kafka.common.network.Selector.poll(Selector.java:412)
        at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:460)
        at 
org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:258)
        at 
org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:230)
        at 
org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:206)
        at 
org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:219)
        at 
org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:205)
        at 
org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.poll(ConsumerCoordinator.java:284)
        at 
org.apache.kafka.clients.consumer.KafkaConsumer.pollOnce(KafkaConsumer.java:1146)
        at 
org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1111)
        at 
org.apache.kafka.streams.processor.internals.StreamThread.pollRequests(StreamThread.java:848)
        at 
org.apache.kafka.streams.processor.internals.StreamThread.runOnce(StreamThread.java:805)
        at 
org.apache.kafka.streams.processor.internals.StreamThread.runLoop(StreamThread.java:771)
        at 
org.apache.kafka.streams.processor.internals.StreamThread.run(StreamThread.java:741)
{quote}
 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to