ActiveMQ SSL error: outbound has closed, ignore outbound alert message: close_notify

gr8qqesn posted on 2023-03-13 in Other

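Trying to configure ActiveMQ with SSL in AWS. Getting this error in the logs. What could be misconfigured? Docker image: alfresco/alfresco-activemq:5.17.0-jre11-centos7. The connector was changed from tcp to nio+ssl. Behind the amq container there is a network load balancer using the TLS protocol. Do you know what the problem is?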

WARN | Could not accept connection from tcp://somehost: javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify (closing inbound before receiving peer's close_notify)
javax.net.ssl|DEBUG|FC|ActiveMQ Transport: ssl://somehost|2022-05-23 14:59:57.283 UTC|Alert.java:232|Received alert message (
"Alert": {
  "level"      : "warning",
  "description": "close_notify"
}
)
javax.net.ssl|DEBUG|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketImpl.java:473|duplex close of SSLSocket
javax.net.ssl|WARNING|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketOutputRecord.java:58|outbound has closed, ignore outbound alert message: close_notify
javax.net.ssl|DEBUG|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketImpl.java:1361|close the underlying socket
javax.net.ssl|DEBUG|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketImpl.java:1380|close the SSL connection (passive)
javax.net.ssl|DEBUG|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketImpl.java:636|close inbound of SSLSocket
javax.net.ssl|WARNING|01 00|ActiveMQ Task-1|2022-05-23 14:59:57.285 UTC|SSLSocketImpl.java:494|SSLSocket duplex close failed (
"throwable" : {
  java.net.SocketException: Socket is closed
        at java.base/java.net.Socket.shutdownInput(Socket.java:1521)
        at java.base/sun.security.ssl.BaseSSLSocketImpl.shutdownInput(BaseSSLSocketImpl.java:216)
        at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:651)
        at java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:606)
        at java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:566)
        at java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:479)
        at org.apache.activemq.transport.tcp.TcpTransport$1.run(TcpTransport.java:567)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)}
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:148|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|ServerHello.java:962|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:167|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:167|Consumed extension: server_name
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:148|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:148|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:167|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:148|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:138|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:138|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:167|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:138|Ignore unsupported extension: pre_shared_key
javax.net.ssl|WARNING|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:190|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:190|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: extended_master_secret
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:190|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.290 UTC|SSLExtensions.java:182|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|FD|DefaultMessageListenerContainer-32|2022-05-23 14:59:52.292 UTC|CertificateMessage.java:358|Consuming server Certificate handshake message (

py49o6xq #1

After a while, I found a working configuration.

error outbound has closed, ignore outbound alert message: close_notify

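This error comes from the target health check.
The NLB must have a listener with protocol TLS on port 61616. The target group protocol is TLS and the port is 61616. The target group must have a registered target with the instance IP on port 61616. Importantly, the routing port cannot be used as the health check port. It does not work on 61616. The health check protocol must be TCP and the port must be 8161.
The NLB's targets must be registered by IP address, not by instance ID.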


rggaifut #2

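We were able to resolve this issue by enabling cross-zone load balancing in AWS. In the context of ActiveMQ on AWS, enabling cross-zone load balancing for the network load balancer may help resolve issues related to SSL connections or other network-related issues, because it ensures that traffic is distributed evenly across all available instances regardless of where the instances are located. However, it is important to note that there may be other factors causing this issue, and enabling cross-zone load balancing is not always the solution. It is always best to perform a thorough investigation and analysis of the problem before making any changes to the infrastructure.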
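
The load balancer settings described in the two answers above, written out as a CloudFormation template. This is an added example, not part of either answer or of the original question; the resource names, the parameters and the internal scheme are assumptions.

```yaml
# Added example. Parameter values are placeholders supplied at deploy time.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  CertificateArn: {Type: String}   # certificate presented by the TLS listener
  BrokerIp: {Type: String}         # private IP of the host running the amq container
Resources:
  BrokerNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal             # assumption: broker is not internet-facing
      Subnets: !Ref SubnetIds
      LoadBalancerAttributes:
        # Answer #2: cross-zone load balancing enabled on the NLB
        - Key: load_balancing.cross_zone.enabled
          Value: "true"
  BrokerTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TLS                # answer #1: target group protocol TLS on 61616
      Port: 61616
      TargetType: ip               # answer #1: register by IP address, not instance ID
      Targets:
        - Id: !Ref BrokerIp
          Port: 61616
      # Answer #1: the health check must not use the routing port 61616.
      # It uses plain TCP against 8161 (ActiveMQ's web console port by default),
      # so the probes never reach the nio+ssl connector that logged the
      # close_notify warnings.
      HealthCheckProtocol: TCP
      HealthCheckPort: "8161"
  BrokerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref BrokerNlb
      Protocol: TLS                # answer #1: listener protocol TLS on 61616
      Port: 61616
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BrokerTargets
```

Port 8161 has to be reachable from the load balancer subnets for the TCP health check to pass, so the security group on the broker host needs to allow it alongside 61616.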
