You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Yordan Borisov (Jira)" <ji...@apache.org> on 2022/02/19 16:06:00 UTC

[jira] [Commented] (SOLR-16023) Solr obtain zookeeper ruok via ssl cause error

    [ https://issues.apache.org/jira/browse/SOLR-16023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17494993#comment-17494993 ] 

Yordan Borisov commented on SOLR-16023:
---------------------------------------

I think this error has happened before and has not been fixed : https://lists.apache.org/thread/3onw9dflrsrhpxzqwp33dkb0qxkczv46

> Solr obtain zookeeper ruok via ssl cause error
> ----------------------------------------------
>
>                 Key: SOLR-16023
>                 URL: https://issues.apache.org/jira/browse/SOLR-16023
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 8.11.1
>            Reporter: Yordan Borisov
>            Priority: Major
>
> Enabling ssl in Solr and Zookeeper which is listening only on secure port (e.g. 2283) cause
> an empty response from Zookeeper because of the following error
> {code:java}
> Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:  72756f6b0a {code}
> The current implementation in Solr is working with Socket where it should be SslSocket in order to create ssl layer before sending the request.
> I believe the problem comes from : org.apache.solr.handler.admin.ZookeeperStatusHandler#getZkRawResponse where the communication between Solr and ZooKeeper happens by using this code :
> {code:java}
> Socket socket = new Socket(host, port);
> ......
> {code}
> and it is a plain text, but the ZooKeeper listens only on *secureClientPort* (e.g. 2281) where the *clientPort* is not defined.
>  
> What is the expected behaviour here? Can Solr and ZooKeeper communicate only via SSL?
> I validated that secureClientPort works with the following command:
> {code:bash}
> ~$ echo srvr | ncat --ssl localhost 2281
> Zookeeper version: 3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on 04/08/2021 16:35 GMT
> Latency min/avg/max: 0/0.0/0
> Received: 1
> Sent: 0
> Connections: 1
> Outstanding: 0
> Zxid: 0x2000001f3
> Mode: follower
> Node count: 87
> {code}
> Java version: OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
> Solr version 8.11.1
> Zookeeper version: 3.6.3



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org