That was a typo. I did remove that and still same error. Thanks, Sri
> On Feb 18, 2016, at 4:21 PM, Adam Kunicki <a...@streamsets.com> wrote: > > Ha! nice catch Gwen! > >> On Thu, Feb 18, 2016 at 3:20 PM, Gwen Shapira <g...@confluent.io> wrote: >> >> props.put("ssl.protocal", "SSL"); <- looks like a typo. >> >> On Thu, Feb 18, 2016 at 2:49 PM, Srikrishna Alla < >> srikrishna.a...@aexp.com.invalid> wrote: >> >>> Hi, >>> >>> We are getting the below error when trying to use a Java new producer >>> client. Please let us know the reason for this error - >>> >>> Error message: >>> [2016-02-18 15:41:06,182] DEBUG Accepted connection from /10.**.***.** on >>> /10.**.***.**:9093. sendBufferSize [actual|requested]: [102400|102400] >>> recvBufferSize [actual|requested]: [102400|102400] >> (kafka.network.Acceptor) >>> [2016-02-18 15:41:06,183] DEBUG Processor 1 listening to new connection >>> from /10.**.**.**:46419 (kafka.network.Processor) >>> [2016-02-18 15:41:06,283] DEBUG SSLEngine.closeInBound() raised an >>> exception. (org.apache.kafka.common.network.SslTransportLayer) >>> javax.net.ssl.SSLException: Inbound closed before receiving peer's >>> close_notify: possible truncation attack? >>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) >>> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639) >>> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607) >>> at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1537) >>> at >> org.apache.kafka.common.network.SslTransportLayer.handshakeFailure(SslTransportLayer.java:723) >>> at >> org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:313) >>> at >> org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:68) >>> at org.apache.kafka.common.network.Selector.poll(Selector.java:281) >>> at kafka.network.Processor.run(SocketServer.scala:413) >>> at java.lang.Thread.run(Thread.java:722) >>> [2016-02-18 15:41:06,283] DEBUG Connection with >>> l************.com/10.**.**.** disconnected >>> (org.apache.kafka.common.network.Selector) >>> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext >> connection? >>> at >> sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:171) >>> at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845) >>> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) >>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) >>> at >> org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:408) >>> at >> org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:269) >>> at >> org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:68) >>> at org.apache.kafka.common.network.Selector.poll(Selector.java:281) >>> at kafka.network.Processor.run(SocketServer.scala:413) >>> at java.lang.Thread.run(Thread.java:722) >>> >>> Producer Java client code: >>> >>> System.setProperty("javax.net.debug","ssl:handshake:verbose"); >>> Properties props = new Properties(); >>> props.put("bootstrap.servers", "************.com:9093"); >>> props.put("acks", "all"); >>> props.put("retries", "0"); >>> props.put("batch.size", "16384"); >>> props.put("linger.ms", "1"); >>> props.put("buffer.memory", "33554432"); >>> props.put("key.serializer", >>> "org.apache.kafka.common.serialization.StringSerializer"); >>> props.put("value.serializer", >>> "org.apache.kafka.common.serialization.StringSerializer"); >>> props.put("security.protocol", "SSL"); >>> props.put("ssl.protocal", "SSL"); >>> props.put("ssl.truststore.location", >>> "/idn/home/salla8/ssl/kafka_client_truststore.jks"); >>> props.put("ssl.truststore.password", "p@ssw0rd"); >>> props.put("ssl.keystore.location", >>> "/idn/home/salla8/ssl/kafka_client_keystore.jks"); >>> props.put("ssl.keystore.password", "p@ssw0rd"); >>> props.put("ssl.key.password", "p@ssw0rd"); >>> Producer<String, String> producer = new >>> KafkaProducer<String, String>(props); >>> >>> >>> Configuration -server.properties: >>> broker.id=0 >>> listeners=SSL://:9093 >>> num.network.threads=3 >>> num.io.threads=8 >>> socket.send.buffer.bytes=102400 >>> socket.receive.buffer.bytes=102400 >>> socket.request.max.bytes=104857600 >>> security.inter.broker.protocol=SSL >> ssl.keystore.location=/opt/kafka_2.11-0.9.0.0/config/ssl/kafka.server.keystore.jks >>> ssl.keystore.password=p@ssw0rd >>> ssl.key.password=p@ssw0rd >> ssl.truststore.location=/opt/kafka_2.11-0.9.0.0/config/ssl/kafka.server.truststore.jks >>> ssl.truststore.password=p@ssw0rd >>> ssl.client.auth=required >>> log.dirs=/tmp/kafka-logs >>> num.partitions=1 >>> num.recovery.threads.per.data.dir=1 >>> log.retention.hours=168 >>> log.segment.bytes=1073741824 >>> log.retention.check.interval.ms=300000 >>> log.cleaner.enable=false >>> zookeeper.connect=*********:5181/test900 >>> zookeeper.connection.timeout.ms=6000 >>> >>> >>> Logs - kafkaServer.out: >>> [2016-02-17 08:58:00,226] INFO KafkaConfig values: >>> request.timeout.ms = 30000 >>> log.roll.hours = 168 >>> inter.broker.protocol.version = 0.9.0.X >>> log.preallocate = false >>> security.inter.broker.protocol = SSL >>> controller.socket.timeout.ms = 30000 >>> ssl.keymanager.algorithm = SunX509 >>> ssl.key.password = null >>> log.cleaner.enable = false >>> num.recovery.threads.per.data.dir = 1 >>> background.threads = 10 >>> unclean.leader.election.enable = true >>> sasl.kerberos.kinit.cmd = /usr/bin/kinit >>> replica.lag.time.max.ms = 10000 >>> ssl.endpoint.identification.algorithm = null >>> auto.create.topics.enable = true >>> zookeeper.sync.time.ms = 2000 >>> ssl.client.auth = required >>> ssl.keystore.password = [hidden] >>> log.cleaner.io.buffer.load.factor = 0.9 >>> offsets.topic.compression.codec = 0 >>> log.retention.hours = 168 >>> ssl.protocol = TLS >>> log.dirs = /tmp/kafka-logs >>> log.index.size.max.bytes = 10485760 >>> sasl.kerberos.min.time.before.relogin = 60000 >>> log.retention.minutes = null >>> connections.max.idle.ms = 600000 >>> ssl.trustmanager.algorithm = PKIX >>> offsets.retention.minutes = 1440 >>> max.connections.per.ip = 2147483647 >>> replica.fetch.wait.max.ms = 500 >>> metrics.num.samples = 2 >>> port = 9092 >>> offsets.retention.check.interval.ms = 600000 >>> log.cleaner.dedupe.buffer.size = 524288000 >>> log.segment.bytes = 1073741824 >>> group.min.session.timeout.ms = 6000 >>> producer.purgatory.purge.interval.requests = 1000 >>> min.insync.replicas = 1 >>> ssl.truststore.password = [hidden] >>> log.flush.scheduler.interval.ms = 9223372036854775807 >>> socket.receive.buffer.bytes = 102400 >>> leader.imbalance.per.broker.percentage = 10 >>> num.io.threads = 8 >>> offsets.topic.replication.factor = 3 >>> zookeeper.connect = lpdbd0055:5181/test900 >>> queued.max.requests = 500 >>> replica.socket.timeout.ms = 30000 >>> offsets.topic.segment.bytes = 104857600 >>> replica.high.watermark.checkpoint.interval.ms = 5000 >>> broker.id = 0 >>> ssl.keystore.location = >>> /opt/kafka_2.11-0.9.0.0/config/ssl/keystore.jks >>> listeners = SSL://:9093 >>> log.flush.interval.messages = 9223372036854775807 >>> principal.builder.class = class >>> org.apache.kafka.common.security.auth.DefaultPrincipalBuilder >>> log.retention.ms = null >>> offsets.commit.required.acks = -1 >>> sasl.kerberos.principal.to.local.rules = [DEFAULT] >>> group.max.session.timeout.ms = 30000 >>> num.replica.fetchers = 1 >>> advertised.listeners = null >>> replica.socket.receive.buffer.bytes = 65536 >>> delete.topic.enable = false >>> log.index.interval.bytes = 4096 >>> metric.reporters = [] >>> compression.type = producer >>> log.cleanup.policy = delete >>> controlled.shutdown.max.retries = 3 >>> log.cleaner.threads = 1 >>> quota.window.size.seconds = 1 >>> zookeeper.connection.timeout.ms = 6000 >>> offsets.load.buffer.size = 5242880 >>> zookeeper.session.timeout.ms = 6000 >>> ssl.cipher.suites = null >>> authorizer.class.name = >>> sasl.kerberos.ticket.renew.jitter = 0.05 >>> sasl.kerberos.service.name = null >>> controlled.shutdown.enable = true >>> offsets.topic.num.partitions = 50 >>> quota.window.num = 11 >>> message.max.bytes = 1000012 >>> log.cleaner.backoff.ms = 15000 >>> log.roll.jitter.hours = 0 >>> log.retention.check.interval.ms = 300000 >>> replica.fetch.max.bytes = 1048576 >>> log.cleaner.delete.retention.ms = 86400000 >>> fetch.purgatory.purge.interval.requests = 1000 >>> log.cleaner.min.cleanable.ratio = 0.5 >>> offsets.commit.timeout.ms = 5000 >>> zookeeper.set.acl = false >>> log.retention.bytes = -1 >>> offset.metadata.max.bytes = 4096 >>> leader.imbalance.check.interval.seconds = 300 >>> quota.consumer.default = 9223372036854775807 >>> log.roll.jitter.ms = null >>> reserved.broker.max.id = 1000 >>> replica.fetch.backoff.ms = 1000 >>> advertised.host.name = null >>> quota.producer.default = 9223372036854775807 >>> log.cleaner.io.buffer.size = 524288 >>> controlled.shutdown.retry.backoff.ms = 5000 >>> log.dir = /tmp/kafka-logs >>> log.flush.offset.checkpoint.interval.ms = 60000 >>> log.segment.delete.delay.ms = 60000 >>> num.partitions = 1 >>> num.network.threads = 3 >>> socket.request.max.bytes = 104857600 >>> sasl.kerberos.ticket.renew.window.factor = 0.8 >>> log.roll.ms = null >>> ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] >>> socket.send.buffer.bytes = 102400 >>> log.flush.interval.ms = null >>> ssl.truststore.location = >>> /opt/kafka_2.11-0.9.0.0/config/ssl/truststore.jks >>> log.cleaner.io.max.bytes.per.second = >> 1.7976931348623157E308 >>> default.replication.factor = 1 >>> metrics.sample.window.ms = 30000 >>> auto.leader.rebalance.enable = true >>> host.name = >>> ssl.truststore.type = JKS >>> advertised.port = null >>> max.connections.per.ip.overrides = >>> replica.fetch.min.bytes = 1 >>> ssl.keystore.type = JKS >>> (kafka.server.KafkaConfig) >>> Thanks, >>> Sri >>> >>> >>> >>> American Express made the following annotations >> ****************************************************************************** >>> >>> "This message and any attachments are solely for the intended recipient >>> and may contain confidential or privileged information. If you are not >> the >>> intended recipient, any disclosure, copying, use, or distribution of the >>> information included in this message and any attachments is prohibited. >> If >>> you have received this communication in error, please notify us by reply >>> e-mail and immediately and permanently delete this message and any >>> attachments. Thank you." >>> >>> >>> >>> American Express a ajouté le commentaire suivant le Ce courrier et toute >>> pièce jointe qu'il contient sont réservés au seul destinataire indiqué et >>> peuvent renfermer des >>> >>> renseignements confidentiels et privilégiés. Si vous n'êtes pas le >>> destinataire prévu, toute divulgation, duplication, utilisation ou >>> distribution du courrier ou de toute pièce jointe est interdite. Si vous >>> avez reçu cette communication par erreur, veuillez nous en aviser par >>> courrier et détruire immédiatement le courrier et les pièces jointes. >> Merci. >> ****************************************************************************** > > > > -- > Adam Kunicki > StreamSets | Field Engineer > mobile: 415.890.DATA (3282) | linkedin > <https://mailtrack.io/trace/link/9e104526a1e18b4c530acf4360fe41a70aad661f?url=http%3A%2F%2Fwww.adamkunicki.com&signature=431adc36a66f0019>