Hi,

What happens when you point Solr to the ZK secure port is that Solr tries to talk 
non-SSL TCP with the secure (HTTP) port and it fails.

See more at 
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide. 
You should be able to configure a set of system props on the Solr side which 
instruct the Zookeeper Java client to talk SSL with Zookeeper, but you may 
need to add some additional jar files to Solr for it to work.

See also https://issues.apache.org/jira/browse/SOLR-8342 and 
https://issues.apache.org/jira/browse/SOLR-7893 for an attempt to start 
documenting this in the RefGuide and making some tool support for configuring.
Contributions welcome!

Jan


> On 16 Sep 2021 at 14:56, Robert Pearce <rp3...@gmail.com> wrote:
> 
> Hello,
> 
> I have a question regarding Solr and Zookeeper configured for SSL. Simply, 
> does Solr default to non-SSL when connecting with the Zookeeper secure port 
> on localhost?
> 
> Solr 8.9, Zookeeper 3.6.2
> One Zookeeper instance configured for SSL
> One Solr instance configured for SSL, pointing at ZK secure port, started in 
> Cloud mode.
> 
> I have created self-signed certificates and keys for both Zookeeper and Solr.
> The truststore for both contains all the necessary certificates.
> I can configure Zookeeper for SSL and connect zkCli.sh to the secure port 
> successfully.
> I can configure Solr for SSL and run it connecting to the standard ZK port 
> (2181); the admin UI loads with https, etc.
> I have set the clusterprops.json urlScheme = https
> 
> Whenever I configure Solr to connect on the secure ZK port, however, I see 
> this in the Solr.log:
> 
> o.a.z.ClientCnxn Opening socket connection to server localhost/127.0.0.1:2281
> o.a.z.ClientCnxn SASL config status: Will not attempt to authenticate using 
> SASL (unknown error)
> o.a.z.ClientCnxn Socket connection established, initiating session, client: 
> /127.0.0.1:58062, server: localhost/127.0.0.1:2281
> o.a.z.ClientCnxn Session 0x0 for server localhost/127.0.0.1:2281, Closing 
> socket connection. Attempting reconnect except it is a 
> SessionExpiredException => EndOfStreamException: Unable to read additional 
> data from server sessionid 0x0, likely server has closed socket
> 
> (These lines are separated by a few ms, no more)
> 
> And the Zookeeper log has an error for each call: 
> io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record
> 
> This is making me think Solr defaults to plain text on localhost regardless 
> of setup.
> 
> Regards
> 
> Rob
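
The system properties mentioned in the reply above, as an added example that is not part of the original thread: a `solr.in.sh` fragment using the client-side property names from the ZooKeeper SSL User Guide. The function name, paths and password values are placeholders, and the Netty jars that the ZooKeeper Netty client socket class depends on are assumed to be on Solr's classpath.

```shell
# Added example: solr.in.sh fragment (hypothetical helper, placeholder paths/passwords).
# Property names are the ZooKeeper client TLS settings from the ZooKeeper SSL User Guide.

zk_client_tls_opts() {
  # Args: <keystore path> <keystore password> <truststore path> <truststore password>
  if [ "$#" -ne 4 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
    echo "zk_client_tls_opts: need keystore, its password, truststore, its password" >&2
    return 1
  fi
  # client.secure switches the ZK client to TLS; the Netty socket class is
  # required for it, because the default NIO client socket cannot speak TLS.
  printf '%s ' \
    "-Dzookeeper.client.secure=true" \
    "-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty" \
    "-Dzookeeper.ssl.keyStore.location=$1" \
    "-Dzookeeper.ssl.keyStore.password=$2" \
    "-Dzookeeper.ssl.trustStore.location=$3" \
    "-Dzookeeper.ssl.trustStore.password=$4"
}

# Secure client port from the thread; the plain port there was 2181.
ZK_HOST="localhost:2281"

# Placeholder values: replace with the real Solr keystore/truststore and passwords.
# Note that -D passwords are visible in the process list on the Solr host.
SOLR_OPTS="${SOLR_OPTS:-} $(zk_client_tls_opts \
  "/path/to/solr-keystore.jks" "KEYSTORE_PASSWORD_PLACEHOLDER" \
  "/path/to/solr-truststore.jks" "TRUSTSTORE_PASSWORD_PLACEHOLDER")"
```

Without these properties the ZooKeeper client opens a plain TCP session to port 2281, which matches the `NotSslRecordException` on the server and the `EndOfStreamException` on the Solr side in the logs quoted above.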
