Fix TLS handshake error handling#7839
Merged
Aaronontheweb merged 5 commits intoSep 24, 2025
Merged
Conversation
Aaronontheweb
requested changes
Sep 24, 2025
Member
Aaronontheweb
left a comment
Aaronontheweb
left a comment
There was a problem hiding this comment.
Left some questions and some definite must-do changes.
Aaronontheweb
approved these changes
Sep 24, 2025
Member
Aaronontheweb
left a comment
Aaronontheweb
left a comment
There was a problem hiding this comment.
Very clean, very simple. Well done.
| Assert.Contains("TLS handshake failed", msg, StringComparison.OrdinalIgnoreCase); | ||
|
|
||
| // Server should shutdown due to TLS failure | ||
| await AwaitAssertAsync(async () => |
|
|
||
| namespace Akka.Remote.Transport.DotNetty | ||
| { | ||
| internal sealed class TlsHandshakeFailureReason : CoordinatedShutdown.Reason |
| $"TLS handshake failed on channel [{context.Channel.LocalAddress}->{context.Channel.RemoteAddress}](Id={context.Channel.Id})")); | ||
| // Shutdown the ActorSystem on TLS handshake failure | ||
| var cs = CoordinatedShutdown.Get(Transport.System); | ||
| cs.Run(new TlsHandshakeFailureReason($"TLS handshake failed on channel [{context.Channel.LocalAddress}->{context.Channel.RemoteAddress}](Id={context.Channel.Id})")); |
Arkatufus
added a commit
to Arkatufus/akka.net
that referenced
this pull request
Sep 24, 2025
* Fix TLS handshake error handling * Simplify PR * Simplify PR, remove new DisassociateInfo * Clean whitespace noise * cleanup, remove TlsHandshakeErrorAssociation (cherry picked from commit 1ec6f9e)
Aaronontheweb
pushed a commit
that referenced
this pull request
Sep 24, 2025
This was referenced Oct 2, 2025
6 tasks
This was referenced May 21, 2026
Open
Closed
Open
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #7838
Enforce ActorSystem shutdown on TLS handshake failures
Summary
Changes
TlsHandshakeCompletionEventfailures inTcpTransportand runCoordinatedShutdownusing a newTlsHandshakeFailureReason(exit code 79). Logs include channel endpoints and id.New shutdown reason
Akka.Remote.Transport.DotNetty.TlsHandshakeFailureReason(exit code 79): used byTcpTransportandEndpointManagerto terminate the misconfigured system.Tests (Akka.Remote.Tests)
Tls_handshake_failure_should_be_logged_and_shutdown_serverServer_side_tls_handshake_failure_should_shutdown_serverClient_side_tls_handshake_failure_should_shutdown_clientRationale
Impact / Migration