I use Netty 4.1.92.Final with netty-tcnative-boringssl-static version 2.0.60.Final. I get the below error sometimes (Also, sometimes it's very frequent and CPU uses shoots up very high).
I am not able to figure out the root cause and any possible fix.
io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH
Code:
SslProvider provider = SslProvider.isAlpnSupported(SslProvider.OPENSSL) ? SslProvider.OPENSSL : SslProvider.JDK;
logger.info("SSL provider: {}", provider);
sslCtx = SslContextBuilder.forServer(keyManagerFactory)
.sslProvider(provider)
.ciphers(cypherList)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_1_1
))
.sessionCacheSize(SSL_SESSION_CACHE_SIZE) // 1800 -> 30 mins
.sessionTimeout(SSL_SESSION_CACHE_TIMEOUT_SECOND) // 1024 * 100 -> 1000_00 sessions
.build();
I am assuming it doesn't depend on the installed version of openssl on the linux server.
Any possible fix or way to debug the real reason?