SSL issues when starting Red Hat Data Grid 8 on RHEL 7

Solution Verified - Updated 25 Nov 2024

Environment

Red Hat Data Grid:
- 8.x
Red Hat Enterprise Linux:
- 7.x

Issue

When start my Red Hat Data Grid instance I got the following SSL message:

16:47:23,104 WARN  (SINGLE_PORT-ServerIO-3-1) [io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception. io.netty.handler.codec.DecoderException: java.lang.IllegalStateException: ssl is null

Also the Data Grid instance shows this message related to the Hot Rod connector:

WARN  [org.infinispan.HOTROD] ISPN004098: Closing connection due to transport error
org.infinispan.client.hotrod.exceptions.TransportException:: ISPN004077:
Closing channel due to error in unknown operation.

EAP 8 server trying to externalize to DG 8.x server deployed in RHEL 7 return no cypher suites in common:

javax.next.ssl.SSLHandshakeException: no cipher suites in common
...

Resolution

If you install Data Grid Server on RHEL 7 you should use the native Java SSL library by disabling OpenSSL with the following JVM option:

-Dorg.infinispan.openssl=false

Root Cause

RHEL 7 provides a version of the OpenSSL library that does not yet offer support for TLSv1.3. However, Data Grid Server 8.2 enables TLSv1.3 and TLSv1.2 by default, which causes errors with client connections for encrypted Hot Rod and REST endpoints.

SBR

Components

infinispan

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.