
We are working on upgrading a Gemfire client from Apache Geode 1.12.1 to Apache Geode 1.15.1.

The Java version used is IBM JDK 1.8.0 341 on a Linux system.

We are getting a fatal alert: protocol version error while connecting to Gemfire locators with the 1.15.1 jars.

javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
.
.
at com.ibm.jsse2.bj.startHandshake(bj.java:519) ~[?:8.0 build_20220616-536]
at org.apache.geode.internal.net.SocketCreator.configureClientSSLSocket(SocketCreator.java:535) ~[geode-core-1.15.1.jar!/:?]

We tried setting the below properties as suggested on different portals, but it didn't work:

https.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
https.protocols=TLSv1.2
jdk.tls.client.protocols=TLSv1.2

On enabling SSL debug we observed that with Apache Geode 1.15.1, the ClientHello message has a supported_versions value of TLSv1.3, whereas with Apache Geode 1.12.1 the ClientHello message has supported_versions as TLSv1.2.

"supported_versions (43)" : {
    "versions": [TLSv1.3]
},

We tried running the application using the 1.15.1 jars on a different machine having Java Oracle Corporation version 1.8.0_321 and Java Oracle Corporation 11, and it was able to connect to the Gemfire locators successfully.

Due to a dependency we have to use the IBM JDK and cannot use the Oracle JDK for now.

Can anyone please suggest if there is any way to resolve this issue?

Sagar
  • Have you tried changing the SSL version in the ssl-protocols property in the Gemfire SSL config (https://geode.apache.org/docs/guide/114/managing/security/implementing_ssl.html)? – jon hanson Jan 17 '23 at 14:39
  • @jon-hanson: we are a Gemfire client connecting to Gemfire locators. I think the above-mentioned property is on the server side. I checked with the Gemfire server team; they had the ssl-protocols value as TLSv1.2 in the gemfire.properties file. – Sagar Jan 18 '23 at 10:31

0 Answers
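
A JVM-side check for the difference described in the question, as an added example that is not part of the original post or of Geode: it prints which TLS versions a client-mode SSLEngine enables by default under several SSLContext names, so the output from the IBM and Oracle JDKs can be compared. The class name TlsProtocolReport is hypothetical, and the list of context names tried is an assumption about which ones are worth comparing.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical diagnostic (not Geode code): lists the TLS versions a client-mode
// SSLEngine enables by default for several SSLContext names on the running JVM.
public class TlsProtocolReport {

    static SSLEngine clientEngine(String contextName) throws Exception {
        SSLContext ctx;
        if ("Default".equals(contextName)) {
            ctx = SSLContext.getDefault();          // already initialized
        } else {
            ctx = SSLContext.getInstance(contextName);
            ctx.init(null, null, null);             // JVM default key/trust material
        }
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        return engine;
    }

    public static void main(String[] args) {
        System.out.println(System.getProperty("java.vendor") + " "
                + System.getProperty("java.version"));
        // The properties tried in the question, as seen by this JVM.
        for (String prop : new String[] {"jdk.tls.client.protocols", "https.protocols"}) {
            System.out.println(prop + " = " + System.getProperty(prop));
        }
        for (String name : new String[] {"Default", "TLS", "TLSv1.2", "TLSv1.3"}) {
            try {
                SSLEngine engine = clientEngine(name);
                List<String> supported = Arrays.asList(engine.getSupportedProtocols());
                List<String> enabled = Arrays.asList(engine.getEnabledProtocols());
                System.out.println(name + ": enabled=" + enabled
                        + " supported=" + supported
                        + " offersTLSv1.2=" + enabled.contains("TLSv1.2"));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + ": context name not available on this JVM");
            } catch (Exception e) {
                System.out.println(name + ": " + e);
            }
        }
    }
}
```

Running it with the same `-D` options as the application shows whether those properties change the enabled list on that JDK.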