Tencent / TencentKonaSMSuite

Tencent Kona SM Suite contains a set of Java security providers, which support algorithms SM2, SM3 and SM4, and protocols TLCP/GMSSL, TLS 1.3 (with RFC 8998) and TLS 1.2.

TLCPWithNettyDemo error "io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record" #770

Closed meteor199 closed 5 months ago

meteor199 commented 5 months ago

I am using the TLCPWithNettyDemo from the project, and it fails with: "io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record"

Environment:

java version "21.0.2" 2024-01-16 LTS
Java(TM) SE Runtime Environment (build 21.0.2+13-LTS-58)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.2+13-LTS-58, mixed mode, sharing)
kona: 1.0.12
netty: 4.1.63.Final

Project URL

https://github.com/meteor199/issue-kona-ssl

Error stack trace

4月 23, 2024 10:02:09 上午 io.netty.channel.DefaultChannelPipeline onUnhandledInboundException
WARNING: An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 16010100450100004101014968770c47ed73f944d79dfc8131f0fbe069ca9520485a4d8f773c228ed0b7fa000002e013010000160010000e000c02683208485454502f312e3100230000
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 16010100450100004101014968770c47ed73f944d79dfc8131f0fbe069ca9520485a4d8f773c228ed0b7fa000002e013010000160010000e000c02683208485454502f312e3100230000
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1232)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1300)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
    ... 17 more

meteor199 commented 5 months ago

When using netty 4.1.109.Final, the console prints nothing and the program exits immediately.

johnshajiang commented 5 months ago

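When using netty 4.1.109.Final, the console prints nothing and the program exits immediately.

Then the test probably succeeded. This test does not print any logs by default.

The method TLCPWithNettyDemo::tlcpDemo contains the following line:

// System.setProperty("com.tencent.kona.ssl.debug", "all");

Uncomment it to print the detailed handshake information.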

johnshajiang commented 5 months ago

netty: 4.1.63.Final

I also get the error with this version. From 4.1.66 onward, there is no problem.
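The bytes quoted in the exception message can be decoded to see what a version-checking record parser objects to. This is an added example, not code from the thread, Kona or Netty; the class name RecordHeaderCheck and the rule it applies (major version 3 is SSL/TLS, 0x0101 is TLCP 1.1) are illustrative assumptions about such a check, and the second input is constructed for comparison.

```java
import java.nio.ByteBuffer;
import java.util.HexFormat;

// Added diagnostic example; not code from Kona, Netty or the issue reporter.
public class RecordHeaderCheck {
    static final int TLCP_1_1 = 0x0101; // record-layer version used by TLCP 1.1

    // Decode the 5-byte record header and say how a version-checking parser sees it.
    static String classify(byte[] data) {
        if (data.length < 5) {
            return "incomplete: need 5 header bytes, have " + data.length;
        }
        ByteBuffer buf = ByteBuffer.wrap(data); // network byte order (big-endian)
        int type = buf.get() & 0xff;            // 22 = handshake
        int version = buf.getShort() & 0xffff;  // major byte, minor byte
        int length = buf.getShort() & 0xffff;   // payload length declared by the sender
        if (type < 20 || type > 23) {
            return String.format("not a record: unknown content type %d", type);
        }
        String detail = String.format("type=%d version=0x%04x length=%d (%d bytes captured)",
                type, version, length, data.length - 5);
        if ((version >> 8) == 3) {
            return "SSL/TLS record, " + detail;
        }
        if (version == TLCP_1_1) {
            return "TLCP record, rejected by a parser that only accepts major version 3, " + detail;
        }
        return "unknown protocol version, " + detail;
    }

    public static void main(String[] args) {
        // Bytes copied from the NotSslRecordException message in the report above.
        byte[] fromException = HexFormat.of().parseHex(
                "16010100450100004101014968770c47ed73f944d79dfc8131f0fbe069ca9520485a4d8f77"
              + "3c228ed0b7fa000002e013010000160010000e000c02683208485454502f312e3100230000");
        // Constructed comparison input: the same header with a TLS 1.2 version field.
        byte[] tlsHeader = {0x16, 0x03, 0x03, 0x00, 0x45};

        System.out.println(classify(fromException));
        System.out.println(classify(tlsHeader));
    }
}
```

The first line of output reports a well-formed handshake record (type 22, 69-byte payload fully captured) whose only non-TLS property is the 0x0101 version field.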

meteor199 commented 5 months ago

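OK, thanks. After upgrading the version, the error no longer occurs.

However, it seems that messages cannot be sent normally; it reports Encrypted Alert 21.

The client gets channelInactive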

channelRegistered
SslHandshakeCompletionEvent(SUCCESS)
SslCloseCompletionEvent(java.nio.channels.ClosedChannelException)
channelInactive
channelUnregistered
stop!

I have updated the sample project; running it reproduces the problem. Sorry for the trouble: https://github.com/meteor199/issue-kona-ssl

johnshajiang commented 5 months ago

The test only connects and then disconnects, which may be the reason. Is that Encrypted Alert a close_notify?

com.tencent.kona.ssl|FINE|E0|Thread-4|2024-04-23 16:23:08.709 CST|SSLSocketOutputRecord.java:71|WRITE: TLCPv1.1 alert(close_notify), length = 10
com.tencent.kona.ssl|FINE|10|Test worker|2024-04-23 16:23:08.709 CST|SSLSocketOutputRecord.java:71|WRITE: TLCPv1.1 alert(close_notify), length = 10

meteor199 commented 5 months ago

Yes, it looks like it. What could be the reason it disconnects right after connecting?

johnshajiang commented 5 months ago

As a test program, it can exit once the handshake succeeds. Otherwise, the program could not terminate.

meteor199 commented 5 months ago

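OK, thanks. How can we keep it from exiting? We currently cannot send data normally. Without TLCP, the program can send and receive data normally, as with NettyDemo.java in the project; with TLCP, it can no longer send data.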

johnshajiang commented 5 months ago

Modify the TLCPWithNettyDemo$ClientHandler class,

public void channelActive(ChannelHandlerContext ctx) {
    ctx.writeAndFlush("Client request\n");
}

Previously it had an addListener(ChannelFutureListener.CLOSE)

meteor199 commented 5 months ago

Got it

johnshajiang commented 5 months ago

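If this problem has been resolved, please close the issue. If there are new problems, feel free to open a new issue.

P.S. If you would like to support this project, please give it a star ;-)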

meteor199 commented 5 months ago

Yes, it is resolved, thanks