Hmm, Not sure that is supported. The RFC says that the ALPN string needs to be present to avoid cross protocol attacks (RFC 7540 Section 10.2 <https://tools.ietf.org/html/rfc7540#section-10.2>). I *think* NPN identifiers still work, so you could use that if nginx supports sending. That said, NPN support will be going away and it isn't a good idea to depend on it.
I suppose getting Nginx to send the "h2" alpn string is infeasible? On Tuesday, June 6, 2017 at 3:19:47 AM UTC-7, [email protected] wrote: > > Hi, > > I want to use nginx for ssl termination and load balancing. I found, there > is one way how to do it, to use stream proxy configuration. > > But by SSL GRPC request occurs exception "Failed ALPN negotiation" > (bellow), where are checking supported ALPN/NPN protocols > io.grpc.netty.GrpcSslContexts#NEXT_PROTOCOL_VERSIONS. It happens after > successful SSL handshake and nginx returns by ALPN negotiation NULL value, > reason why "Failed ALPN negotiation" is thrown. > > Therefore I've tried to disable ALPN negotiation by create of client GRPC > SSL context > using applicationProtocolConfig(ApplicationProtocolConfig.DISABLED). > In this case is thrown exception "ALPN must be enabled and list HTTP/2 as > a supported protocol." > through io.grpc.netty.GrpcSslContexts#ensureAlpnAndH2Enabled. > > I there some way how to disable ALPN negotation by GRPC client SSL context? > > Thanks. > Jozef R. > > Failed ALPN negotiation exception: > io.grpc.StatusRuntimeException: UNKNOWN > at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:227 > ) > at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:208) > at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:141) > at io.grpc.examples.helloworld.GreeterGrpc$GreeterBlockingStub.sayHello( > GreeterGrpc.java:218) > at com.test.client.HelloWorldClient.greet(HelloWorldClient.java:80) > at com.test.client.HelloWorldClient.cycleGreet(HelloWorldClient.java:117) > at com.test.client.HelloWorldClient.main(HelloWorldClient.java:107) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:282) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.Exception: Failed ALPN negotiation: Unable to find > compatible protocol. > at io.grpc.netty.ProtocolNegotiators$BufferUntilTlsNegotiatedHandler. > userEventTriggered(ProtocolNegotiators.java:608) > at io.netty.channel.AbstractChannelHandlerContext. > invokeUserEventTriggered(AbstractChannelHandlerContext.java:330) > at io.netty.channel.AbstractChannelHandlerContext. > invokeUserEventTriggered(AbstractChannelHandlerContext.java:316) > at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered( > AbstractChannelHandlerContext.java:308) > at io.netty.channel.ChannelInboundHandlerAdapter.userEventTriggered( > ChannelInboundHandlerAdapter.java:108) > at io.netty.handler.codec.ByteToMessageDecoder.userEventTriggered( > ByteToMessageDecoder.java:336) > at io.netty.channel.AbstractChannelHandlerContext. > invokeUserEventTriggered(AbstractChannelHandlerContext.java:330) > at io.netty.channel.AbstractChannelHandlerContext. > invokeUserEventTriggered(AbstractChannelHandlerContext.java:316) > at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered( > AbstractChannelHandlerContext.java:308) > at io.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java: > 1329) > at io.netty.handler.ssl.SslHandler.setHandshakeSuccessIfStillHandshaking( > SslHandler.java:1314) > at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1188) > at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1039) > at io.netty.handler.codec.ByteToMessageDecoder.callDecode( > ByteToMessageDecoder.java:411) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead( > ByteToMessageDecoder.java:248) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead( > AbstractChannelHandlerContext.java:363) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead( > AbstractChannelHandlerContext.java:349) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead( > AbstractChannelHandlerContext.java:341) > at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead( > DefaultChannelPipeline.java:1334) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead( > AbstractChannelHandlerContext.java:363) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead( > AbstractChannelHandlerContext.java:349) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead( > DefaultChannelPipeline.java:926) > at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read( > AbstractNioByteChannel.java:129) > at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java > :642) > at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized( > NioEventLoop.java:565) > at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop. > java:479) > at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:441) > at io.netty.util.concurrent.SingleThreadEventExecutor$5.run( > SingleThreadEventExecutor.java:858) > at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator > .run(DefaultThreadFactory.java:144) > ... 1 common frames omitted > > ALPN must be enabled and list HTTP/2 as a supported protocol exception: > java.lang.IllegalArgumentException: ALPN must be enabled and list HTTP/2 > as a supported protocol. > at com.google.common.base.Preconditions.checkArgument(Preconditions.java: > 122) > at io.grpc.netty.GrpcSslContexts.ensureAlpnAndH2Enabled(GrpcSslContexts. > java:194) > at io.grpc.netty.NettyChannelBuilder.sslContext(NettyChannelBuilder.java: > 193) > at com.test.client.HelloWorldClient.createWithSsl(HelloWorldClient.java: > 209) > at com.test.client.HelloWorldClient.createPublicWithSsl(HelloWorldClient. > java:186) > at com.test.client.HelloWorldClient.createChannel(HelloWorldClient.java: > 163) > at com.test.client.HelloWorldClient.cycleGreet(HelloWorldClient.java:115) > at com.test.client.HelloWorldClient.main(HelloWorldClient.java:108) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:282) > at java.lang.Thread.run(Thread.java:745) > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/29cd5cbb-c75f-4cee-bef8-58fc07bc5964%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
