为什么"OPENSSL_internal:WRONG_VERSION_NUMBER"警告被记录在Cassandra中?



我在C*日志和所有节点中看到以下异常。这是否与系统库等有关?顺便说一句,所有节点上安装的openSSL都是相同的,并且有效的证书都在适当的位置。

版本:Cassandra-4.0.7操作系统:Centos

WARN  [epollEventLoopGroup-5-9] 2023-01-23 09:42:32,537 PreV5Handlers.java:261 - 
Unknown exception in client networking
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: 
error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1309)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
... 15 common frames omitted
"system.log" 6846L, 1121571B                                                                                                                                                                     6846,2-9      Bot

有人遇到过这个吗?请解释一下。

感谢

根据我的经验,SSLHandshakeException警告最常见的原因是客户端在没有SSL证书的情况下连接到集群。

考虑这样的情况:您启用了监视,代理/守护进程/进程试图连接到加密的集群,但没有使用SSL连接。这也可能发生在客户端应用程序(通常是微服务)连接到集群没有SSL。

您需要识别未正确配置的连接到集群的客户端/应用程序。

请注意,消息记录在WARN级别(而不是ERROR),因为这对集群的操作没有影响。只有配置错误的客户端/应用程序受到此问题的影响。干杯!


👉请支持Apache Cassandra社区,将鼠标放在Cassandra标签上,然后点击Watch tag按钮。🙏谢谢!

相关内容

  • 没有找到相关文章

最新更新