Re: [grpc-io] ALPN Issue with grpc-java

1,152 views
Skip to first unread message

Eric Anderson

unread,
Apr 24, 2018, 12:32:55 PM4/24/18
to kaus...@box.com, grpc.io
On Mon, Apr 23, 2018 at 4:38 PM, kaustubh via grpc.io <grp...@googlegroups.com> wrote:
val jdkSslClientContext = new JdkSslContext(sslContext, true, ClientAuth.REQUIRE)

val sslChannel = NettyChannelBuilder
.forAddress(host, sslPort)
.negotiationType(NegotiationType.TLS)
.sslContext(jdkSslClientContext)
.build()

However, when running this code (on a mac), I get the following exception:
java.lang.IllegalArgumentException: ALPN must be enabled and list HTTP/2 as a supported protocol.
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122)
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.ensureAlpnAndH2Enabled(GrpcSslContexts.java:184)
at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder.sslContext(NettyChannelBuilder.java:187)

If you look at the documentation for sslContext, it mentions the value "must have been configured with GrpcSslContexts". GrpcSslContexts requires using SslContextBuilder, and it seems it doesn't support the SSLContext being provided. What is configured in the SSLContext already? gRPC needs to configure the ciphers, cipherFilter, and apn (the apn not being configured is what that error is complaining about).

I've done some digging online and come across this page: https://github.com/grpc/grpc-java/blob/master/SECURITY.md. I've done the recommended approach of using netty-tcnative-boringssl by adding it into my build.sbt as follows (for multiple versions as well): 
"io.netty" % "netty-tcnative-boringssl-static" % "2.0.8.Final"

Since you're using grpc-netty-shaded, that isn't necessary and doesn't really do anything. netty-tcnative has to be shaded along with the rest of Netty.
Reply all
Reply to author
Forward
0 new messages