
ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

Hi All,

Thanks a lot to this awesome community.

I have a ListenTCP which uses StandardSSLContextService to encrypt traffic; however, I am getting this error:

Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

Any suggestions?

Thanks

Dheeru

Re: ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

Please provide the version of NiFi/HDF you are using, the configuration of the StandardSSLContextService, and the full stacktrace from nifi-app.log. The information above is not enough for us to diagnose this issue.

Re: ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

@Andy LoPresto Apologies, I should have provided that; I got busy troubleshooting. Please find the images below:

42693-erro-1.png

43658-erro-2.png

The only error message I am getting in the nifi-app.log is this

"Error reading from channel due to Failed to decrypt data: java.io.IOException: Failed to decrypt data"

No stack trace as such.

My NiFi cluster is a 6-node cluster, with HTTPS enabled.

Any suggestion or help?

Thanks

Dheeru

Re: ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

@dhieru singh

What version of HDF are you using? Also, what SSL Protocol is your StandardSSLContextService controller service configured to use?

Re: ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

@Wynner I appreciate your response.

I read on the community that only TLSv1.2 is supported. We are many legacy SSL versions.

Thanks

Dheeru

Re: ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

It depends on a number of factors:

  • Apache NiFi version -- < 1.2.0, NiFi will support all SSL and TLS protocol versions. After 1.2.0, only TLS v1.2 is supported for incoming connections (i.e. REST API, UI, ListenHTTP processor, etc.), while the other protocol versions are supported for outgoing connections (i.e. InvokeHTTP connection to a legacy server).
  • Java Runtime Environment -- Java 8 Update 31 and Java 7 Update 75 both disable support for SSLv2 and SSLv3 protocols. If you are running on a JRE later than this, you need to explicitly enable SSL (against best practices) by modifying the java.security file or using static initialization. Again, this is a very bad idea.

The best solution here is to upgrade the protocol version you are using to TLS v1.2 if possible. If not, introduce a proxy server to perform bidirectional handshakes. NiFi/HDF is not designed to allow legacy SSL protocols due to their demonstrated security vulnerabilities.
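
To check which protocol version a legacy sender actually offers, and so whether it can meet the TLS v1.2 requirement for incoming connections described above, the first bytes it sends to the listener can be classified from a packet capture. This is an added example, not part of the original replies or of NiFi; the function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2", (3, 4): "TLSv1.3"}

def _supported_versions(hello: bytes) -> list:
    """Versions listed in the supported_versions extension (type 43), if present."""
    pos = 2 + 32                                         # client_version, random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    end = min(pos + 2 + struct.unpack_from("!H", hello, pos)[0], len(hello))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        body = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 43 and body:                      # 1-byte list length, then pairs
            return [(body[i], body[i + 1]) for i in range(1, min(1 + body[0], len(body)) - 1, 2)]
        pos += 4 + ext_len
    return []

def classify_first_bytes(data: bytes) -> str:
    """Describe what a client sent first: highest protocol offered, or why it is not TLS."""
    if len(data) < 5:
        return "too short to classify"
    if data[0] & 0x80 and data[2] == 1:                  # SSLv2-format ClientHello
        return "SSLv2-format hello, offers up to " + VERSIONS.get((data[3], data[4]), "unknown")
    if data[0] != 22 or data[1] != 3:                    # 22 = handshake record
        return "not a TLS handshake (plaintext or another protocol)"
    if len(data) < 11 or data[5] != 1:                   # 1 = ClientHello
        return "TLS record without a ClientHello"
    try:
        offered = _supported_versions(data[9:])
    except (IndexError, struct.error):                   # no extensions, or truncated capture
        offered = []
    known = [v for v in offered if v in VERSIONS] or [(data[9], data[10])]
    return "ClientHello, offers up to " + VERSIONS.get(max(known), "unknown")

def sample_hello(version, extensions=b""):
    """Constructed ClientHello for the demo: zero random, one cipher suite."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify_first_bytes(sample_hello((3, 1))))
    print(classify_first_bytes(b"plain syslog line\n"))
```

A result below TLSv1.2, an SSLv2-format hello, or a non-TLS first message points at the sending side rather than at the listener's keystore or truststore.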
