GRPC - .IllegalArgumentException: Jetty ALPN/NPN has not been properly configured

Question

I am trying to spin up the GRPC server with TLS enabled in docker container on pods but getting below error during server start up

I am trying referring https://github.com/grpc/grpc-java/blob/master/SECURITY.md#transport-security-tls

Java : jdk1.8.0_131 OpenSSL version: OpenSSL 1.0.1e-fips

Exception:

*Exception in thread "main" java.lang.IllegalArgumentException: Jetty ALPN/NPN has not been properly configured.
        at io.grpc.netty.GrpcSslContexts.selectApplicationProtocolConfig(GrpcSslContexts.java:174)
        at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:151)
        at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:139)
        at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:119)
        at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:377)
        at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:63)*

also want to know how I can test openssl approach locally ?

this is how I am trying to run the jar: java -jar -Denv=e1 app.jar

Below are the additional GRPC related POM dependencies specific to GRPC -I have in my POM: -- extension --

   <extensions>
        <extension>
            <groupId>kr.motd.maven</groupId>
            <artifactId>os-maven-plugin</artifactId>
            <version>1.4.0.Final</version>
        </extension>
    </extensions>

--- plugin ----

<plugin>
       <groupId>org.xolstice.maven.plugins</groupId>
       <artifactId>protobuf-maven-plugin</artifactId>
       <version>0.5.0</version>
       <configuration>
      <protocArtifact>com.google.protobuf:protoc:3.2.0:exe:${os.detected.classifier}</protocArtifact>
                    <pluginId>grpc-java</pluginId>
                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.3.0:exe:${os.detected.classifier}</pluginArtifact>
      </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>compile</goal>
                            <goal>compile-custom</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

--- dependencies ---

<dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-netty</artifactId>
            <version>1.3.0</version>
</dependency>
<dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-protobuf</artifactId>
            <version>1.3.0</version>
</dependency>
<dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-stub</artifactId>
            <version>1.3.0</version>
</dependency>
<dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-tcnative-boringssl-static</artifactId>
            <version>2.0.1.Final</version>
</dependency>

Can Openssl / jdk version be the problem ?

Answer 1

You need to add a dependency on Netty TCNative in order to get a correct security dependecy. From the SECURITY.md file for gRPC, you need to add the following:

<project>
  <dependencies>
    <dependency>
      <groupId>io.netty</groupId>
      <artifactId>netty-tcnative-boringssl-static</artifactId>
      <version>1.1.33.Fork26</version>
    </dependency>
  </dependencies>
</project>

Note that this will change in the upcoming 1.4 release of gRPC to point to netty-tcnative-parent-2.0.1.Final