grpc: TSI_INTERNAL_ERROR after upgrade to grpc 1.3.0
After upgrade to server python to grpcio 1.3.0 (and after regenerating proto files)
I have this:
E0505 20:13:50.851834103 32645 ssl_transport_security.c:429] SSL_read returned 0 unexpectedly.
E0505 20:13:50.851868188 32645 secure_endpoint.c:185] Decryption error: TSI_INTERNAL_ERROR
and often
E0505 20:13:33.406171300 32645 chttp2_server.c:83] Handshaking failed: {"created":"@1494015213.406134120","description":"Handshake read failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":239,"referenced_errors":[{"created":"@1494015213.406130326","description":"FD shutdown","file":"src/core/lib/iomgr/ev_poll_posix.c","file_line":456,"referenced_errors":[{"created":"@1494015213.406108664","description":"Handshake timed out","file":"src/core/lib/channel/handshaker.c","file_line":241}]}]}
The client code is Java (1.2.0 or 1.3.0). The certificate is generate by letsencrypt.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 29 (14 by maintainers)
Commits related to this issue
- Attempt to fix #11011. Treating the close-notify alert as a non-error case. — committed to jboeuf/grpc by jboeuf 7 years ago
- Merge pull request #11051 from jboeuf/fix_issue_11011 Attempt to fix #11011. — committed to grpc/grpc by matt-kwong 7 years ago
Yes. The scheduled release date is the 29th of August
Sorry, just back from vacation. The PR mentioned above fixes the issue. Let me rebase with master and submit.
@maxkondr Thanks for confirming that the patch works.
@alexodus OK, so it looks like when you have an UNAVAILABLE on the client side, the new symptom on the server is that now you have these
Decryption errorpopping up on the new 1.3 servers. I actually believe that this is the same issue that should be resolved by the patch: theDecryption erroris very misleading in this case: it is just the client closing the connection. Does that make sense?@alexodus Actually I would be surprised if it were a cipher suite problem as the alert is received after the handshake is done. Anyway, logs on the client would be helpful in any case. Thanks!