No cipher suits

laijianbin · November 25, 2019, 2:40am

when zipkin connect to elasticsearch which Connections are secured using Transport Layer Security.

[2019-11-25T10:01:04,749][WARN ][o.e.h.n.Netty4HttpServerTransport] [lFAgPu1] caught exception while handling client http traffic, closing connection [id: 0x2359f2a9, L:0.0.0.0/0.0.0.0:9200 ! R:/172.17.2.154:43979]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.32.Final.jar:4.1.32.Final]

        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:656) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:556) [netty-transport-4.1.32.Final.jar:4.1.32.Final]

       at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:510) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:470) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:909) [netty-common-4.1.32.Final.jar:4.1.32.Final]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]

       at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_121]
        at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1301) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1203) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1247) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]

       at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
        ... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292) ~[?:?]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1045) ~[?:?]
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:741) ~[?:?]
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:224) ~[?:?]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]

Generate certificate steps

1.bin/elasticsearch-certutil ca

2.bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

my elasticsearch.yml

xpack.security.enabled: true
network.host: 172.17.2.154 #节点IP
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.truststore.password: 123456

I start zipkin use the command as below.
STORAGE_TYPE=elasticsearch ES_HOSTS=https://172.17.2.154:9200 ES_USERNAME=elastic ES_PASSWORD=123456 ES_INDEX=bos-dev-zipkin java -Djavax.net.ssl.keyStore=elastic-certificates.p12 -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStore=elastic-certificates.p12 -Djavax.net.ssl.trustStorePassword=123456 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.debug=all -jar zipkin-server-2.19.1-exec.jar

ikakavas · November 25, 2019, 8:37am

Hi there,

Please refrain from creating multiple posts for the same issue in these forums. It's far more probable for you to get some assistance when both you and folks that try to assist you can all focus on one topic instead of multiple. How about you close this and we continue on the topic with the same title that you opened 6 days ago ?

laijianbin · November 25, 2019, 9:09am

ok, I am sorry about it.
but how to close? just click the Solution buttion ?

laijianbin · November 25, 2019, 9:13am

ok, I am sorry about it.
but how to close? just click the Solution button ?

ikakavas · November 25, 2019, 9:21am

I just closed it since you are ok with this, lets continue on No cipher suits in common