
ListenTCP using SSLStandard context giving error, Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

Contributor

Hi All,

Thanks a lot to this awesome community.

I have a ListenTCP which uses StandardSSLContextService to encrypt traffic; however, I am getting an error as

Error reading from channel due to failed to decrypt the data IO exception fail to decrypt the data

Any suggestions?

Thanks

Dheeru

5 REPLIES

Please provide the version of NiFi/HDF you are using, the configuration of the StandardSSLContextService, and the full stacktrace from nifi-app.log. The information above is not enough for us to diagnose this issue.

Contributor

@Andy LoPresto apologies, I should have provided that; I got busy troubleshooting. Please find the images below.

42693-erro-1.png

43658-erro-2.png

The only error message I am getting in the nifi-app.log is this

"Error reading from channel due to Failed to decrypt data: java.io.IOException: Failed to decrypt data"

No stack trace as such.

My NiFi cluster is a 6-node cluster, with HTTPS enabled.

Any suggestion or help?

Thanks

Dheeru

@dhieru singh

What version of HDF are you using? Also, what SSL Protocol is your StandardSSLContextService controller service configured to use?

Contributor

@Wynner appreciate your response.

I read on the community that TLSv1.2 is only supported. We are many legacy SSL versions.

Thanks

Dheeru

It depends on a number of factors:

  • Apache NiFi version -- < 1.2.0, NiFi will support all SSL and TLS protocol versions. After 1.2.0, only TLS v1.2 is supported for incoming connections (i.e. REST API, UI, ListenHTTP processor, etc.), while the other protocol versions are supported for outgoing connections (i.e. InvokeHTTP connection to a legacy server).
  • Java Runtime Environment -- Java 8 Update 31 and Java 7 Update 75 both disable support for SSLv2 and SSLv3 protocols. If you are running on a JRE later than this, you need to explicitly enable SSL (against best practices) by modifying the java.security file or using static initialization. Again, this is a very bad idea.

The best solution here is to upgrade the protocol version you are using to TLS v1.2 if possible. If not, introduce a proxy server to perform bidirectional handshakes. NiFi/HDF is not designed to allow legacy SSL protocols due to their demonstrated security vulnerabilities.
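To confirm which protocol version a legacy client is actually offering, the first bytes it sends to the ListenTCP port (taken from a packet capture, for example) can be classified. The Python below is an added example, not part of the thread or of NiFi; the function names and the sample bytes are constructed for illustration, and the acceptance rule is the one stated in the reply above (only TLS v1.2 for incoming connections after NiFi 1.2.0).

```python
# Wire version codes from the SSL/TLS specifications.
VERSIONS = {
    (0x00, 0x02): "SSLv2",
    (0x03, 0x00): "SSLv3",
    (0x03, 0x01): "TLSv1.0",
    (0x03, 0x02): "TLSv1.1",
    (0x03, 0x03): "TLSv1.2",  # TLS 1.3 clients also send this legacy value
}

def offered_version(data: bytes) -> str:
    """Name the highest version a captured ClientHello offers (hypothetical helper)."""
    if len(data) < 5:
        return "too short"
    # SSLv2-format hello: 2-byte length with the high bit set, type 1, version.
    if data[0] & 0x80 and data[2] == 0x01:
        return VERSIONS.get((data[3], data[4]), "unknown")
    # SSLv3/TLS record: content type 22 (handshake), record version, length.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            return "not a ClientHello"
        # Handshake header is type(1) + length(3); client_version follows.
        return VERSIONS.get((data[9], data[10]), "unknown")
    return "not TLS"

def accepted_inbound(data: bytes) -> bool:
    """True if the client can meet a TLS v1.2-only inbound listener."""
    return offered_version(data) == "TLSv1.2"

def sample_hello(major: int, minor: int) -> bytes:
    """Build a minimal constructed ClientHello record for testing the parser."""
    body = (bytes([major, minor]) + bytes(32)   # client_version + random
            + b"\x00"                           # empty session id
            + b"\x00\x02\x00\x2f"               # one cipher suite
            + b"\x01\x00")                      # null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes([major, min(minor, 1)]) + len(hs).to_bytes(2, "big") + hs

# Constructed SSLv2-format hello: header fields only, zero padding after them.
SAMPLE_SSLV2 = b"\x80\x2e\x01\x00\x02" + bytes(43)

if __name__ == "__main__":
    for name, raw in [("legacy TLS 1.0 client", sample_hello(3, 1)),
                      ("TLS 1.2 client", sample_hello(3, 3)),
                      ("SSLv2 client", SAMPLE_SSLV2),
                      ("plaintext sender", b"GET / HTTP/1.1\r\n")]:
        print(f"{name}: {offered_version(raw)}, accepted={accepted_inbound(raw)}")
```

A client reported as anything other than TLSv1.2 is a candidate for the upgrade or proxy approach described in the reply.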
