devbox
花生_TL007
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

ElasticSearch学习(十二)—— es7.2日志警告SSLHandshakeException: no cipher suites in common_io.netty.handler.codec.decoderexception: javax.net

作者:花生_TL007 | 2024-04-20 13:38:37

io.netty.handler.codec.decoderexception: javax.net.ssl.sslhandshakeexception

设置xpack后启动es 日志如下

  1. [2023-06-14T09:13:58,905][WARN ][o.e.t.OutboundHandler    ] [node-1] send message failed [channel: Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:43728, remoteAddress=/127.0.0.1:9300}]
  2.  
  3. javax.net.ssl.SSLException: Received fatal alert: handshake_failure
  4.  
  5.         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]
  6.  
  7.         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]
  8.  
  9.         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?]
  10.  
  11.         at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?]
  12.  
  13.         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?]
  14.  
  15.         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?]
  16.  
  17.         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
  18.  
  19.         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_161]
  20.  
  21.         at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
  22.  
  23.         at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1332) [netty-handler-4.1.35.Final.jar:4.1.35.Final]
  24.  
  25.         at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1227) [netty-handler-4.1.35.Final.jar:4.1.35.Final]
  26.  
  27.         at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) [netty-handler-4.1.35.Final.jar:4.1.35.Final]
  28.  
  29.         at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) [netty-codec-4.1.35.Final.jar:4.1.35.Final]
  30.  
  31.         at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) [netty-codec-4.1.35.Final.jar:4.1.35.Final]
  32.  
  33.         at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) [netty-codec-4.1.35.Final.jar:4.1.35.Final]
  34.  
  35.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  36.  
  37.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  38.  
  39.         at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  40.  
  41.         at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  42.  
  43.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  44.  
  45.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  46.  
  47.         at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  48.  
  49.         at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  50.  
  51.         at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  52.  
  53.         at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:582) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  54.  
  55.         at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:536) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  56.  
  57.         at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  58.  
  59.         at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906) [netty-common-4.1.35.Final.jar:4.1.35.Final]
  60.  
  61.         at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.35.Final.jar:4.1.35.Final]
  62.  
  63.         at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
  64.  
  65. [2023-06-14T09:13:58,902][WARN ][o.e.t.TcpTransport       ] [node-1] exception caught on transport layer [Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/127.0.0.1:43728}], closing connection
  66.  
  67. io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
  68.  
  69.         at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
  70.  
  71.         at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
  72.  
  73.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  74.  
  75.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  76.  
  77.         at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  78.  
  79.         at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  80.  
  81.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  82.  
  83.         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  84.  
  85.         at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  86.  
  87.         at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  88.  
  89.         at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  90.  
  91.         at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:582) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  92.  
  93.         at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:536) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  94.  
  95.         at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
  96.  
  97.         at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906) [netty-common-4.1.35.Final.jar:4.1.35.Final]
  98.  
  99.         at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.35.Final.jar:4.1.35.Final]
  100.  
  101.         at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]

配置CA证书如下

  • 生成CA证书

在es的bin下执行

./elasticsearch-certutil ca

Please enter the desired output file [elastic-stack-ca.p12]: // 设置文件生成名称(可回车跳过,默认为elastic-stack-ca.p12)
Enter password for elastic-stack-ca.p12 : // 设置证书密码(如不设置也可回车跳过)

  •  对生成的CA证书进行验证

依次执行以下命令

  1. ./elasticsearch-certutil cert --ca elastic-stack-ca.p12  #依次输入上一个步骤的密码。回车(文件使用默认名),密码(建议与上一步密码相同)
  2.  
  3. ./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password    #并输入第一步输入的密码 
  4.  
  5. ./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password  #并输入第一步输入的密码

  • 新增xpack配置

执行完命令后会得到三个文件,如不设置文件名称,则是elastic-certificates.p12、elasticsearch.keystore、elastic-stack-ca.p12

其中(我的设置完路径如下)elastic-certificates.p12、elastic-stack-ca.p12在es跟路径,elasticsearch.keystore在config目录下

将这三个文件都拷贝到config目录下,然后在之前的xpack配置后增加:

  1. xpack.security.transport.ssl.verification_mode: certificate
  2. xpack.security.transport.ssl.keystore.path: /opt/elk/elasticsearch-7.2.0/config/elastic-certificates.p12
  3. xpack.security.transport.ssl.truststore.path: /opt/elk/elasticsearch-7.2.0/config/elastic-certificates.p12

配置修改完成,重启es服务,日志正常。 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/花生_TL007/article/detail/457561
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号