集群开启ssl一段时间后出现报错

环境

k8s集群

  • EMQX 版本:5.0.21
  • 操作系统版本:ubuntu20.04 k8s

重现此问题的步骤

  1. 通过operator构建一个3+6节点集群
  2. 配置ssl listener
  3. 正常运行一段时间连接由二三十万持续了有一两个月后出现报错

预期行为

不报错

实际行为

运行了一段时间后出现报错,连接每次都到3万多无法上升

报错哦日志

块引用
[error] supervisor: ‘esockd_connection_sup - <0.10480.11>’, errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{insufficient_security,“TLS server: In state hello at tls_handshake.erl:346 generated SERVER ALERT: Fatal - Insufficient Security\n no_suitable_ciphers”}}}, offender: [{pid,<0.12989.16>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => #{bytes_in => #{capacity => 1099511627776,initial => 0,rate => infinity},client => #{bytes_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},connection => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_routing => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity}},connection => #{capacity => 1000,initial => 0,rate => 100.0},message_in => #{capacity => 1099511627776,initial => 0,rate => infinity},message_routing => #{capacity => 1099511627776,initial => 0,rate => infinity}},listener => {ssl,sslListener},zone => default}]}}]



请问是持续出现这个错误,还是某个client连接的时候出现这个错误?

持续出现,由于有client一直在连接,不确定是不是因为持续有client在连接所以持续有报错

我们发现可能是负载均衡tls配置不太对

OK,麻烦问题解决后贴一下原因吧,谢谢啦