jruby-openssl icon indicating copy to clipboard operation
jruby-openssl copied to clipboard
verified publisher icon jruby

TLS ports hang if SSL handshake not performed

Open jmschmaus opened this issue 8 years ago • 0 comments

logstash uses jruby-openssl.

We configured port 10069 for SSL input to logshipper.

The jruby-openssl implementation (SSLSocket.java) insists on completing the SSL handshake before cloning a new thread to handle the connection. If a non-TLS process connects to the TLS port, it is hung and unusable for future TLS sessions.

You can reproduce this by running nc localhost 10059 <-- or whatever logstash port is configured for TLS

If you leave nc running, openssl s_client -connect localhost:10059 will hang in CONNECTED, and not be able to establish a TLS session. Neither will any other external clients wishing to send events or logs to logstash.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

jmschmaus avatar Jul 10 '17 18:07 jmschmaus