I have a Spring Boot app where it connects to the database which is not inside the container. After I build the image and run I get following exception:
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.onServerHello(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.consume(Unknown Source) ~[na:na]
In my docker file I tired to updated the https.protocols to TLSv1.2 like below, but is not working as expected:
FROM adoptopenjdk/openjdk11:alpine-jre
ARG JAR_FILE=target/portal-0.0.1-SNAPSHOT.jar
WORKDIR /appPortal
COPY ${JAR_FILE} portal.jar
ENTRYPOINT ["java","-Dcom.ibm.jsse2.overrideDefaultTLS = true","-Djdk.tls.client.protocols =
TLSv1.2","-Dhttps.protocols = TLSv1.2","-jar","portal.jar"]
maybe I'm trying to set tls versions incorrectly, any advice on this?
I think the problem is that the server is using TLS 1.0 but your jvm is not supporting by default.
Note: You might encounter such issue if you're using openjdk 11.0.11 (since mid-Apr 2021) which has make TLS 1.0 disabled by default.
If you're having no way to setup the db server to support newer TLS version, you
may workaround the issue by overriding the default:
find properties file /security/java.security
find the line with "jdk.tls.disabledAlgorithms" property
take out TLSv1
you changed the TLS/SSL protocol in Entrypoint as option but protocol should support at OS(containers level).
If there is no attachment with the image, you can try official openjdk to give a test.
https://hub.docker.com/_/openjdk
Just thought of adding a straight forward answer here for future reference. I used the base image as "adoptopenjdk/openjdk11:alpine-jre" for the docker file and it seems the TLS version defaults to TLS10. So as suggested by #Vinod and some other thread different types of openjdk 11 I used openjdk:11.0.6-jre-slim which helped me to omit extra entrypoint options to set TLS versions.
Related
I have a quarkus app connecting to a MySQL database.
I use the generated Dockerfile.jvm to build my docker image. And I have no issue to run this image on my local desktop.
However when I want to run the same image on my vm, I have the following stacktrace:
Caused by: com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:64)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:836)
at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:456)
at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246)
at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197)
at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:200)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:419)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:401)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:65)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151)
at com.mysql.cj.exceptions.ExceptionFactory.createCommunicationsException(ExceptionFactory.java:167)
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:334)
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:164)
at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1342)
at com.mysql.cj.NativeSession.connect(NativeSession.java:157)
at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:956)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:826)
... 11 more
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:222)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:336)
at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188)
at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:99)
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:325)
... 16 more
I have no idea about how to solve this issue. Any help would be very appreciated.
I solved my problem with replacing the original Dockerfile.jvm content by the following one:
FROM openjdk:11-jdk-slim
COPY target/lib/* lib/
COPY target/*.jar app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
This maybe create heavier image, but at least this is always working.
Just stumbled into this;
My quarkus container in running in ubi8 (rhel8) and connecting to mysql 5.7
https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html/release_notes_for_spring_boot_2.1/known-issues-spring-boot
Just modify mysql jdbc url to "useSSL=true&enabledTLSProtocols=TLSv1.2"
I install "Usergrid 2.1" follow by link
https://usergrid.apache.org/docs/installation/ug2-deploy-to-tomcat.html
But when I start tomcat, it throw exception as
(JobSchedulerService.java:118)
at com.google.common.util.concurrent.AbstractScheduledService$1$1.run(Ab
stractScheduledService.java:174)
at com.google.common.util.concurrent.Callables$3.run(Callables.java:95)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.
access$301(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.
run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: InvalidRequestException(why:Keyspace 'Usergrid_Applications' does not
exist)
at org.apache.cassandra.thrift.Cassandra$set_keyspace_result.read(Cassan
dra.java:5540)
at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
at org.apache.cassandra.thrift.Cassandra$Client.recv_set_keyspace(Cassan
dra.java:540)
at org.apache.cassandra.thrift.Cassandra$Client.set_keyspace(Cassandra.j
ava:527)
at me.prettyprint.cassandra.connection.client.HThriftClient.getCassandra
(HThriftClient.java:110)
How to resolve my issue?
After struggling with this problem for very long, i realized that in my case elasticsearch 1.7.6 as well as 2.x does not start without an additional config in /etc/default/elasticsearch.
Just adding this line START_DAEMON=true in the file and restarting elasticsearch worked for me on Ubuntu 16.04.
Now able to connect to setup usergrid successfully. Had searched for the answer everywhere but could not find any reference till now. Hence thought of posting.
The stack I am using is
1. apache-usergrid-2.1.0
2. cassandra 3.7
3. tomcat8
4. elasticsearch 2.4.4
I had almost given up on using usergrid due to this issue, Hope this is one of the solution that might help anyone looking for this issue.
I wrote a program using Processing(which uses jogl and gluegen), and am using PApplet to run it in a java application in NetBeans.
I am unable to run my program (by running the jar) outside the IDE - neither on my local windows 64-bit machine using command line, nor on a external linux server (which is where I would like to run the program) using X11 forwarding
I previously was able to run the program via command line on my windows machine, but ran into trouble after testing on the linux server. I think there may have been some issues with paths or something after I downloaded the linux versions of the same jars
This is the error I receive from the linux machine:
Exception in thread "Animation Thread" java.lang.UnsatisfiedLinkError: jogamp.common.jvm.JVMUtil.initialize(Ljava/nio/ByteBuffer;)Z
at jogamp.common.jvm.JVMUtil.initialize(Native Method)
at jogamp.common.jvm.JVMUtil.<clinit>(JVMUtil.java:58)
at com.jogamp.common.os.Platform$1.run(Platform.java:212)
at java.security.AccessController.doPrivileged(Native Method)
at com.jogamp.common.os.Platform.<clinit>(Platform.java:179)
at javax.media.opengl.GLProfile.<clinit>(GLProfile.java:82)
at processing.opengl.PJOGL.initSurface(PJOGL.java:250)
at processing.opengl.PGraphicsOpenGL.initPrimary(PGraphicsOpenGL.java:6310)
at processing.opengl.PGraphicsOpenGL.requestDraw(PGraphicsOpenGL.java:1653)
at processing.core.PApplet.run(PApplet.java:2256)
at java.lang.Thread.run(Thread.java:724)
this is the error I get from trying to run the jar on my machine using command line:
java.lang.NoSuchMethodError: com.jogamp.common.nio.Buffers.slice2Float(Ljava/nio
/Buffer;[FII)Ljava/nio/FloatBuffer;
at jogamp.opengl.ProjectFloat.<init>(ProjectFloat.java:181)
at jogamp.opengl.ProjectFloat.<init>(ProjectFloat.java:167)
at jogamp.opengl.ProjectFloat.<init>(ProjectFloat.java:163)
at javax.media.opengl.glu.GLU.<init>(GLU.java:164)
at processing.opengl.PJOGL.<init>(PJOGL.java:218)
at processing.opengl.PGraphicsOpenGL.createPGL(PGraphicsOpenGL.java:1744
)
at processing.opengl.PGraphicsOpenGL.<init>(PGraphicsOpenGL.java:518)
at processing.opengl.PGraphics3D.<init>(PGraphics3D.java:37)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Sou
rce)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at processing.core.PApplet.makeGraphics(PApplet.java:1919)
at processing.core.PApplet.size(PApplet.java:1771)
at processing.core.PApplet.size(PApplet.java:1742)
at noblis.farag.MySketch.setup(MySketch.java:132)
at processing.core.PApplet.handleDraw(PApplet.java:2361)
at processing.core.PGraphicsJava2D.requestDraw(PGraphicsJava2D.java:240)
at processing.core.PApplet.run(PApplet.java:2256)
at java.lang.Thread.run(Unknown Source)
Exception in thread "Animation Thread" java.lang.RuntimeException: com.jogamp.co
mmon.nio.Buffers.slice2Float(Ljava/nio/Buffer;[FII)Ljava/nio/FloatBuffer;
at processing.core.PApplet.makeGraphics(PApplet.java:1944)
at processing.core.PApplet.size(PApplet.java:1771)
at processing.core.PApplet.size(PApplet.java:1742)
at noblis.farag.MySketch.setup(MySketch.java:132)
at processing.core.PApplet.handleDraw(PApplet.java:2361)
at processing.core.PGraphicsJava2D.requestDraw(PGraphicsJava2D.java:240)
at processing.core.PApplet.run(PApplet.java:2256)
at java.lang.Thread.run(Unknown Source)
Any idea about why I can run it in the IDE but not outside? or any way to package it so that it can run outside the IDE?
thanks
I am just trying to connect to a remote host using the ant sshexec task . I have the required jar in the ant lib directory and able to connect to the remote host using putty.
This is the way i am running the ssh
<sshexec host="host"
username="username"
password="password"
trust="yes"
command="ls"/>
There seems to be encryption algorith mismatch with the server. How can i specify the algorith as I don't see any attribute for this task [Ant doc][1]. This is the error log i am getting:
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:540)
at com.jcraft.jsch.Session.connect(Session.java:288)
at com.jcraft.jsch.Session.connect(Session.java:145)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:212)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHExec.execute(SSHExec.java:158)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:357)
at org.apache.tools.ant.Target.performTasks(Target.java:385)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337)
at org.apache.tools.ant.Project.executeTarget(Project.java:1306)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1189)
at org.apache.tools.ant.Main.runBuild(Main.java:758)
at org.apache.tools.ant.Main.startAnt(Main.java:217)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
TL;DR edit your sshd_config and enable support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in KexAlgorithms:
KexAlgorithms curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
KexAlgorithms curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
I suspect that the problem appeared after the following change in OpenSSH 6.7: "The default set of ciphers and MACs has been altered to remove unsafe algorithms.". (see changelog). This version was released on Oct, 6, and made it on Oct, 21 to Debian testing (see Debian changelog).
OpenSSH enables only the following key exchange algorithms by default:
curve25519-sha256#libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
Whereas JSch claims to support these algorithms (see under "features") for key exchange:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
So indeed, they cannot agree on a common key exchange algorithm. Updating sshd_config (and restarting the SSH server) does the trick. Apparently JSch is supposed to support the "diffie-hellman-group-exchange-sha256" method since version 0.1.50 (see changelog).
I had the same error trying to connect to OS X 10.11.6 and could fix it by replacing ~/.ant/lib/jsch-0.1.51.jar with the latest ~/.ant/lib/jsch-0.1.54.jar.
I am trying to run JBoss Profiler(jboss-profiler-2.0.0.Beta5) on my JBoss AS5.0 for a web application made on RF3.3
I followed all the steps mentioned in the JBoss profiler user guide:-
Copy jboss-profiler.jar to jbossas/bin
• Copy jboss-profiler.properties to jbossas/bin
• Edit jboss-profiler.properties in jbossas/bin to include the classes to be profiled
• Copy jboss-profiler-plugins.jar to jbossas/bin
• Edit run.conf (Unix) or run.bat (Windows) in jbossas/bin to include JBoss Profiler in JAVA_OPTS
• Copy jboss-profiler.sar to jbossas/server/<conf>/deploy
• Boot application server
Include the following in JAVA_OPTS
-javaagent:jboss-profiler.jar -Djboss-profiler.properties=jboss-profiler.properties
Post this I started my JBoss AS.The MBean is getting registered and I am able to see the MBean also..During startup I observe that Profiler is taking entry as IP(say 10.10.10.10) and port 5400 whereas I had specified 8080 in the jboss-profiler.props file.
Now when I navigate to 10.10.10.10:8080/jboss-profiler I get 404 page not found.
When I navigate to 10.10.10.10:5400/jboss-profiler I get exception as:-
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:907)
at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:489)
at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230)
Caused by: java.io.StreamCorruptedException: invalid stream header: 47455420
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:782)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:279)
at org.jboss.remoting.loading.ObjectInputStreamWithClassLoader.<init>(ObjectInputStreamWithClassLoader.java:97)
at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.createInput(JavaSerializationManager.java:54)
at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.getMarshallingStream(SerializableUnMarshaller.java:7
at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.getMarshallingStream(SerializableUnMarshaller.java:5
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createInputStream(ClientSocketWrapper.java:179)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:162)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
... 7 more
When I tried running the command java -jar jboss-profiler-client.jar from commandprompt it says
org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [socket://localhost:5400/]
at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:579)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
at org.jboss.remoting.Client.invoke(Client.java:1634)
at org.jboss.remoting.Client.invoke(Client.java:548)
at org.jboss.remoting.Client.invoke(Client.java:536)
at org.jboss.profiler.client.cmd.Client.main(Client.java:281)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.jboss.remoting.transport.socket.SocketClientInvoker.createSocket(SocketClientInvoker.java:192)
at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:827)
at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:569)
... 5 more
Can anyone PLEASE GUIDE ME HOW TO SETUP PROFILER....
The same doubt is also posted on JBoss forum.
https://community.jboss.org/message/743228#743228