Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

javax.net.ssl.SSLException: Received fatal alert: protocol_version #108

Open
todaygood opened this issue Nov 4, 2023 · 2 comments
Open

javax.net.ssl.SSLException: Received fatal alert: protocol_version #108

todaygood opened this issue Nov 4, 2023 · 2 comments

Comments

@todaygood
Copy link

2023-11-04 13:50:40,651 [localhost-startStop-1] INFO sizeof.AgentLoader - Located valid 'tools.jar' at '/usr/lib/jvm/java-7-openjdk-amd64/jre/../lib/tools.jar'
2023-11-04 13:50:40,672 [localhost-startStop-1] INFO sizeof.JvmInformation - Detected JVM data model settings of: 64-Bit OpenJDK JVM with Compressed OOPs
2023-11-04 13:50:40,985 [localhost-startStop-1] INFO sizeof.AgentLoader - Extracted agent jar to temporary file /var/lib/tomcat7/temp/ehcache-sizeof-agent578860902806353479.jar
2023-11-04 13:50:40,986 [localhost-startStop-1] INFO sizeof.AgentLoader - Trying to load agent @ /var/lib/tomcat7/temp/ehcache-sizeof-agent578860902806353479.jar
2023-11-04 13:50:40,996 [localhost-startStop-1] INFO impl.DefaultSizeOfEngine - using Agent sizeof engine
2023-11-04 13:50:41,109 [localhost-startStop-1] INFO impl.DefaultSizeOfEngine - using Agent sizeof engine
2023-11-04 13:50:41,284 [localhost-startStop-1] INFO context.GrailsConfigUtils - [GrailsContextLoader] Grails application loaded.
2023-11-04 13:50:41,579 [localhost-startStop-1] INFO conf.BootStrap - Starting registry-web ver. 0.1.3-SNAPSHOT-bededf47611365f0a6d2bb87942e3b86c1e92d9f
2023-11-04 13:50:41,768 [localhost-startStop-1] INFO web.ConfigService - [environmentProperties, localProperties]
2023-11-04 13:50:41,789 [localhost-startStop-1] INFO web.ConfigService - resolved config:
2023-11-04 13:50:41,797 [localhost-startStop-1] INFO web.ConfigService - registry.url: https://registry.margin.com/v2
2023-11-04 13:50:41,797 [localhost-startStop-1] INFO web.ConfigService - registry.auth.key: /config/auth.key
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.readonly: true
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.trust_any_ssl: true
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.basic_auth:
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.auth.enabled: false
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.context_path:
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.auth.issuer: test-issuer
2023-11-04 13:50:41,798 [localhost-startStop-1] INFO web.ConfigService - registry.name: registry.margin.com
2023-11-04 13:50:41,802 [localhost-startStop-1] INFO conf.BootStrap - auth enabled: false
2023-11-04 13:50:42,733 [localhost-startStop-1] INFO conf.BootStrap - Trusting any SSL certificate
Nov 04, 2023 1:50:42 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 04, 2023 1:50:42 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 65147 ms
2023-11-04 13:50:46,118 [http-bio-8080-exec-1] ERROR web.RepositoryController - Can't access registry: _catalog?n=100
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://registry.margin.com/v2/_catalog?n=100":Received fatal alert: protocol_version; nested exception is javax.net.ssl.SSLException: Received fatal alert: protocol_version
at grails.plugins.rest.client.RestBuilder.invokeRestTemplate(RestBuilder.groovy:312)
at docker.registry.web.CustomRestBuilder.request(CustomRestBuilder.groovy:22)
at docker.registry.web.RestService.requestInternal(RestService.groovy:70)
at docker.registry.web.RestService.request(RestService.groovy:63)
at docker.registry.web.RestService.get(RestService.groovy:42)
at docker.registry.web.RepositoryController.index(RepositoryController.groovy:29)
at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
... 14 more
@todaygood
Copy link
Author

registry log

192.168.31.247 - - [04/Nov/2023:13:17:55 +0000] "HEAD /v2/hyper/docker-registry-web/blobs/sha256:0db5683824d8669ef8494f6e2c3aebf29facbda82a07f17e76bc60e752287144 HTTP/1.1" 200 0 "" "docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/3.10.0-1160.71.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))"
192.168.31.247 - - [04/Nov/2023:13:17:55 +0000] "PUT /v2/hyper/docker-registry-web/manifests/0.1.2 HTTP/1.1" 201 0 "" "docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/3.10.0-1160.71.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \\(linux\\))"
time="2023-11-04T13:17:56.052482208Z" level=info msg="response completed" go.version=go1.20.8 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=pastack-registry.paic.com.cn http.request.id=404ad97d-62c0-48a3-b678-818f4d7cbfe8 http.request.method=PUT http.request.remoteaddr="192.168.31.247:40466" http.request.uri="/v2/hyper/docker-registry-web/manifests/0.1.2" http.request.useragent="docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/3.10.0-1160.71.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/24.0.7 \(linux\))" http.response.duration=64.422773ms http.response.status=201 http.response.written=0 
2023/11/04 13:19:29 http: TLS handshake error from 172.17.0.1:36400: tls: client offered only unsupported versions: [301]
2023/11/04 13:50:46 http: TLS handshake error from 172.17.0.1:35550: tls: client offered only unsupported versions: [301]
2023/11/04 14:25:38 http: TLS handshake error from 172.17.0.1:35056: tls: client offered only unsupported versions: [301]
2023/11/04 14:25:40 http: TLS handshake error from 172.17.0.1:35070: tls: client offered only unsupported versions: [301]
time="2023-11-04T14:36:20.191207627Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.191373431Z" level=info msg="Starting upload purge in 11m0s" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.192504308Z" level=info msg="redis not configured" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.193340802Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.19458161Z" level=info msg="restricting TLS version to tls1.2 or higher" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.195110592Z" level=info msg="restricting TLS cipher suites to: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3 
time="2023-11-04T14:36:20.199374359Z" level=info msg="listening on [::]:443, tls" go.version=go1.20.8 instance.id=1042f017-d5fe-4dfb-9505-3ef0cd71cf39 service=registry version=2.8.3

I found It is caused by registry:2.8.3, when downgrade to registry:2.5 , the issue disappeared.

@cpesch
Copy link

cpesch commented Mar 6, 2024

@mkuchin Hi Max, I experience the same issue like @todaygood but downgrading is not an option for me. Do you have an idea for a workaround?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cpesch @todaygood