nifi-dev mailing list archives

From Mohammed Nadeem <nadeemm...@gmail.com>
Subject Re: SSLHandshake Exception from Site-to-Site
Date Thu, 07 Mar 2019 09:41:35 GMT
Thanks again Koji for replying and understanding my concern,

I did apply the changes you suggested, but I'm still getting the same
SSLHandshake error. I believe the Site2Site Remote Listener doesn't run a
server socket with the hostname we specify in *'nifi.remote.input.host'* in
nifi.properties; instead it uses the wildcard IP address *0.0.0.0* to bind the
server socket to all network interfaces to listen for incoming requests from
the site-to-site client. Please check this line of code - link to the code line
in the SocketRemoteSiteListener class
<https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java#L97>.

Since the server socket is listening on all network interfaces and it waits
for the client to accept the connection, it runs a continuous while loop
waiting to accept the connection from the client. Please check this segment of
code as well:
<https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java#L123-L129>.

In Kubernetes, some anonymous client is able to get through the connection
to the server socket, and while performing the handshake it's throwing the
SSLHandshake error.

This anonymous client has a hostname such as ip-10-200-25-3.compute.internal
with a random port, and that's how the SocketRemoteSiteListener tries to create
an SSLSocketChannel with this anonymous client, and it throws the error.

Please see the attached image I created explaining the root cause for this
error. Please do suggest if I'm correct or wrong.

<http://apache-nifi-developer-list.39713.n7.nabble.com/file/t869/s2s-error.png> 


Thanks again,
Nadeem





--
Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
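
A diagnostic sketch for the situation described in the message above, added here as an example and not part of the original post or of NiFi's code: a listener that records each peer's address and classifies its first bytes, so a client that connects to a TLS-only port and fails the handshake can be identified. The function names, the loopback address and the sample payloads (including the `/healthz` path) are constructed assumptions; the message does not say what the anonymous client sends.

```python
import socket

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake (ClientHello)
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"OPTIONS")

def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a peer sent to a TLS-only listener."""
    if not data:
        return "closed-without-data"   # peer connected, then hung up
    if len(data) >= 2 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls-handshake"         # record header 0x16 0x03 0x0X
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "plaintext-http"
    return "unknown-protocol"

def open_listener(bind_host: str, port: int = 0) -> socket.socket:
    """bind_host '0.0.0.0' listens on every interface; a specific address on one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_host, port))
    srv.listen(5)
    srv.settimeout(5.0)
    return srv

def observe_one(listener: socket.socket, timeout: float = 2.0):
    """Accept one connection; return (peer_ip, peer_port, label)."""
    conn, peer = listener.accept()
    with conn:
        conn.settimeout(timeout)
        try:
            # MSG_PEEK leaves the bytes queued, so a real listener could still
            # hand the socket to its TLS layer after logging.
            first = conn.recv(8, socket.MSG_PEEK)
        except socket.timeout:
            return peer[0], peer[1], "silent-until-timeout"
    return peer[0], peer[1], classify_first_bytes(first)

def demo(payload: bytes) -> str:
    """Constructed loopback run: one client sends payload, listener labels it."""
    with open_listener("127.0.0.1") as srv:
        with socket.create_connection(srv.getsockname()) as client:
            if payload:
                client.sendall(payload)
        return observe_one(srv)[2]

if __name__ == "__main__":
    # Constructed payloads: HTTP probe, TLS record header, connect-only.
    for payload in (b"GET /healthz HTTP/1.1\r\n\r\n", bytes.fromhex("16030100c8"), b""):
        print(payload[:8], "->", demo(payload))
```

Logging the peer address next to the label shows whether the failing handshakes come from a real site-to-site client or from something else that can reach the wildcard-bound port.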
