netty-tcnative | A fork of Apache Tomcat Native | Websocket library

You have annotated your application with @EnableWebFlux. This indicates that you want to take complete control of WebFlux's configuration. This causes Spring Boot's auto-configuration of WebFlux to back off. Among other things, this means that it won't configure WebFlux to use the context's ObjectMapper.

You should either remove @EnableWebFlux to allow Spring Boot to auto-configure WebFlux or you should configure its codecs manually so that they use your ObjectMapper.

After a lot of debugging I finally have an answer to this question.

• Is there a flag or boolean I can set to enable debug logging on OpenSSL side or a way for me to verify my suspicions that OpenSSL is attempting to resume the TLS session?

If you are using BoringSSL and not the Netty-tcnative OpenSSL dynamic library, TLS renegotiation is not supported. In fact, BoringSSL does not support TLS renegotiation at all. It is mentioned in their documentation here

• Is there a flag for me to set on Netty tcnative side to log the TLS handshake similar to -Djavax.net.debug=all?

For the reader reading this, if you happen to run into this issue I would highly suggest making sure you are logging all TLS handshake errors in your server handler. Reference the following code segment as this will alert you to the handshake errors as they occur.

Neety-tcnative has been updated through this PR - https://github.com/netty/netty-tcnative/pull/661 to support this feature.

I finally managed to find the root cause.

The underlying error was java websocket 1006 Unexpected Status of SSLEngineResult after an unwrap() operation

After some investigation, I got the returned code 1006 meaning the connection was closed abnormally by the client as documented in the rfc https://datatracker.ietf.org/doc/html/rfc6455#section-7.4.1

1006 is a reserved value and MUST NOT be set as a status code in a Close control frame by an endpoint. It is designated for use in applications expecting a status code to indicate that the connection was closed abnormally, e.g., without sending or receiving a Close control frame.

At that time, I switched from WIFI connection to LAN connection and the issue vanished immediately. My WIFI router was not able to handle the huge payload correctly.

I openned two JIRA to understand this problem. See the links below:

1. https://datastax-oss.atlassian.net/browse/SPARKC-652
2. https://datastax-oss.atlassian.net/browse/JAVA-2945

Your application.yml file is incorrect. The ssl properties are effectively at server.server.ssl instead of server.ssl. Therefore the SSL settings have no effect and your server is an HTTP server instead of an HTTPS server. That's why curl works with http.

To fix, remove line 6 (server:) and back indent line "ssl:" and following. This will give you (for example) server.ssl.enabled=true instead of server.server.ssl.enabled=true

It worked! Changed port to 7071 from 7070 in JVM_OPTS="$JVM_OPTS -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent-0.3.0.jar=7071:/opt/jmx_prometheus/cassandra.yml"

I did a some googling and little research. I foud following:

1. The missing class com.azure.data.cosmos.internal.directconnectivity.rntbd.RntbdConstants$RntbdContextRequestHeader is a part of azure-cosmosdb-direct, pls see pom.xml, class is located here.
2. azure-cosmosdb-direct is missing from your dependency list. I assume it's incomplete or hidden for some reason(?)
3. Looking at exception stacktrace it's clear that at com.azure.data.cosmos.internal.directconnectivity.rntbd.RntbdContextRequest$Headers.(RntbdContextRequest.java:126) is a place where exceptiom occurs. So that means RntbdContextRequest class actually existsts (it's also is a part of azure-cosmosdb-direct). Therefore you have needed dependency, but it probably has wrong version.

I propose you to look a bit deeper into how azure-cosmosdb-direct dependency is injected in your project and fix its version. Just try to declare it directly in your pom.xml with the latest version.

Hope I helped you.

The openssl build copies import libraries to the target directory