Reputation: 381
I want to write a UDP Netty server/client with SSL. I did it in a way similar to my TCP Netty server/client, which worked well. But I get an exception:
javax.net.ssl.SSLException:Received close_notify during handskake,close channel...
My Netty is 3.x, and the SSL configuration works well. Here is some code from my UDP server and client. Server:

    serverBootstrap = new ConnectionlessBootstrap(
            new NioDatagramChannelFactory(Executors.newCachedThreadPool(),maxThreads));
    serverBootstrap.setOption("receiveBufferSizePredictorFactory",
            new FixedReceiveBufferSizePredictorFactory(8192));
    ChannelPipelineFactory fac = null;
    try {
        ServiceDecoder serviceProcessor = (ServiceDecoder)Class.forName(serviceDecoderName).newInstance();
        Class<? extends ChannelPipelineFactory> clazz = (Class<? extends ChannelPipelineFactory>) Class
                .forName(msgFactoryName);
        Constructor ctor = clazz.getConstructor(ChannelProcessor.class,
                ChannelGroup.class, CounterGroup.class, CounterGroupExt.class, String.class,ServiceDecoder.class,
                String.class, Integer.class, String.class, String.class, Boolean.class,Integer.class,Boolean.class,Boolean.class,Context.class);
        logger.info("Using channel processor:{}", getChannelProcessor().getClass().getName());
        fac = (ChannelPipelineFactory) ctor.newInstance(
                getChannelProcessor(), allChannels, counterGroup, counterGroupExt, "udp", serviceProcessor,
                messageHandlerName, maxMsgLength, topic, attr, filterEmptyMsg, maxConnections, isCompressed,enableSsl,context);
    } catch (Exception e) {
        logger.error(
                "Simple Udp Source start error, fail to construct ChannelPipelineFactory with name {}, ex {}",
                msgFactoryName, e);
        stop();
        throw new FlumeException(e.getMessage());
    }
    serverBootstrap.setPipelineFactory(fac);
    try {
        if (host == null) {
            nettyChannel = serverBootstrap
                    .bind(new InetSocketAddress(port));
        } else {
            nettyChannel = serverBootstrap.bind(new InetSocketAddress(host,
                    port));
        }

Pipeline in Server:

    if(enableSsl) {
        cp.addLast("ssl", sslInit());
    }
    if (processor != null) {
        try {
            Class<? extends SimpleChannelHandler> clazz = (Class<? extends SimpleChannelHandler>) Class
                    .forName(messageHandlerName);
            Constructor<?> ctor = clazz.getConstructor(
                    ChannelProcessor.class, ServiceDecoder.class, ChannelGroup.class,
                    CounterGroup.class, CounterGroupExt.class, String.class, String.class,
                    Boolean.class, Integer.class, Integer.class, Boolean.class);
            SimpleChannelHandler messageHandler = (SimpleChannelHandler) ctor
                    .newInstance(processor, serviceProcessor, allChannels,
                            counterGroup, counterGroupExt, topic, attr,
                            filterEmptyMsg, maxMsgLength, maxConnections, isCompressed);
            cp.addLast("messageHandler", messageHandler);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    if (this.protocolType.equalsIgnoreCase(ConfigConstants.UDP_PROTOCOL)) {
        cp.addLast("execution", executionHandler);
    }

Client:

    private ConnectionlessBootstrap clientBootstrap;
    clientBootstrap = new ConnectionlessBootstrap(
            new NioDatagramChannelFactory(Executors.newCachedThreadPool()));
    clientBootstrap.setPipelineFactory(new ChannelPipelineFactory() {
        @Override
        public ChannelPipeline getPipeline() throws Exception {
            ChannelPipeline pipeline = Channels.pipeline();
            pipeline.addLast("sslHandler", sslInit());
            pipeline.addLast("orderHandler",new ExecutionHandler(
                    new OrderedMemoryAwareThreadPoolExecutor(cores * 2,
                            1024 * 1024, 1024 * 1024)));
            return pipeline;
        }
    });

Two functions to send messages in the client:

    public void sendMessage(byte[] data) {
        ChannelBuffer buffer = ChannelBuffers.wrappedBuffer(data);
        sendMessage(buffer);
    }
    public void sendMessage(ChannelBuffer buffer) {
        Random random = new Random();
        Channel channel = channelList.get(random.nextInt(channelList.size()));
        if(!channel.isConnected()){
            channel.close();
            ChannelFuture cf = clientBootstrap
                    .connect(new InetSocketAddress(ip, port));
            if(cf.awaitUninterruptibly(3000, TimeUnit.MILLISECONDS)){
                channel = cf.getChannel();
            }else {
                channelList.remove(channel);
                return;
            }
        }
        ChannelFuture future = channel.write(buffer);
        if(!future.awaitUninterruptibly(3, TimeUnit.SECONDS)){
            logger.warn("send failed!{}",future.getCause());
        }else {
            sendCnt.incrementAndGet();
        }
    }

I am not sure whether a UDP Netty server/client supports SSL. Any tips are appreciated.
Upvotes: 0
Views: 576
Reputation: 2216
UDP does not guarantee the order of packets, as opposed to TCP, since there is no session. Thus, during the SSL negotiation, there could be an issue, depending on the order of the UDP packets.
According to what I read, you might have a look at DTLS, which is supposed to add a sort of order control to UDP packets, but a lot of SSL libraries do not support it.
Since Netty only implements TLS, it may not work with UDP.
Upvotes: 0
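
The ordering difference described in the answer is visible in the record headers themselves. The following is an added example, not code from either post: it asks the JDK's own JSSE engines for a first ClientHello under "TLS" and under "DTLS" and decodes each record header. It assumes Java 9 or later (where "DTLS" is a standard `SSLContext` name); the class name `RecordHeaderDemo` is hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;

public class RecordHeaderDemo {

    // Build a client-mode engine and let it emit its first flight (ClientHello).
    static ByteBuffer firstFlight(String protocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocol); // "DTLS" is a standard JSSE name since Java 9
        ctx.init(null, null, null);                        // defaults; a ClientHello needs no key material
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.beginHandshake();
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), net);          // no application data yet, handshake bytes only
        net.flip();
        return net;
    }

    // TLS record header:  type(1) version(2) length(2)
    // DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2)
    static String describe(String protocol, ByteBuffer rec) {
        int type = rec.get() & 0xff;
        int version = rec.getShort() & 0xffff;
        String order = "no sequence field: the receiver relies on in-order delivery";
        if (protocol.equals("DTLS")) {
            int epoch = rec.getShort() & 0xffff;
            // 48-bit explicit sequence number, read as 16 + 32 bits
            long seq = ((long) (rec.getShort() & 0xffff) << 32) | (rec.getInt() & 0xffffffffL);
            order = "epoch=" + epoch + " seq=" + seq + " carried in every datagram";
        }
        int length = rec.getShort() & 0xffff;
        return String.format("%-4s type=%d version=0x%04x length=%d  %s",
                protocol, type, version, length, order);
    }

    public static void main(String[] args) throws Exception {
        for (String protocol : new String[] {"TLS", "DTLS"}) {
            System.out.println(describe(protocol, firstFlight(protocol)));
        }
    }
}
```

A TLS record processor such as the one behind Netty 3.x's `SslHandler` has nothing in the header to reorder or de-duplicate by, which is why a lost or reordered datagram during the handshake ends in an `SSLException`.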