Skip to content

Node with TLS handshake failure still able to join cluster #7838

New issue
New issue
Closed
Closed
Node with TLS handshake failure still able to join cluster#7838
Labels
confirmed bug
Milestone
1.5.51
@Arkatufus

Description

@Arkatufus
Arkatufus
opened on Sep 23, 2025

Version Information
Version of Akka.NET? 1.5.50
Which Akka.NET Modules? Akka.Remote

Describe the bug

When a this TLS handshake happened:

09/22/2025 23:22:20.465 [akkaProtocol-ssl.tcp%3A%2F%2FGISR%40%5B%3A%3Affff%3A10.50.4.102%5D%3A59714-3] TLS handshake failed on channel [[::ffff:10.50.4.101]:9100->[::ffff:10.50.4.102]:59714](Id=7530405e): [EXCEPTION: One or more errors occurred. (Authentication failed, see inner exception.) - ]: [INNER EXCEPTION: Authentication failed, see inner exception.
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(SslAuthenticationOptions sslAuthenticationOptions, Boolean newCredentialsRequested)
   at System.Net.Security.SslStream.AcquireCredentialsHandle(SslAuthenticationOptions sslAuthenticationOptions, Boolean newCredentialsRequested)
   at System.Net.Security.SslStream.AcquireServerCredentials(Byte[]& thumbPrint)
   at System.Net.Security.SslStream.GenerateToken(ReadOnlySpan`1 inputBuffer, Int32& consumed)
   at System.Net.Security.SslStream.NextMessage(ReadOnlySpan`1 incomingBuffer, Int32& consumed)
   at System.Net.Security.SslStream.ProcessTlsFrame(Int32 frameSize)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)]: [INNER EXCEPTION: The credentials supplied to the package were not recognized - at System.Net.SSPIWrapper.AcquireCredentialsHandle(ISSPIInterface secModule, String package, CredentialUse intent, SCH_CREDENTIALS* scc)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SCH_CREDENTIALS* secureCredential)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandleSchCredentials(SslAuthenticationOptions authOptions)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(SslAuthenticationOptions sslAuthenticationOptions, Boolean newCredentialsRequested)] One or more errors occurred. (Authentication failed, see inner exception.)

The node were still able to join the cluster and communicate with other nodes

Expected behavior
Networking shouldn't be possible since TLS failed

Metadata

Metadata

Assignees

No one assigned

    Labels

    confirmed bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions