Skip to content

Fix: Akka.Remote should not shutdown on invalid TLS traffic #7939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 24, 2025
Merged

Fix: Akka.Remote should not shutdown on invalid TLS traffic #7939

merged 1 commit into from
Nov 24, 2025

Conversation

@Aaronontheweb
Copy link
Member

@Aaronontheweb Aaronontheweb commented Nov 24, 2025

Summary

  • Fixed issue where invalid traffic (like HTTP requests) hitting a TLS-enabled Akka.Remote port would cause the entire ActorSystem to shut down
  • Server now rejects invalid connections gracefully without terminating
  • Client-side TLS failures still trigger shutdown as expected for security

Changes

  • Modified TcpTransport.UserEventTriggered() to distinguish between client and server-side TLS failures
  • Only client-side TLS handshake failures trigger CoordinatedShutdown
  • Server-side failures just log a warning and close the connection

Test Plan

  • Added test Server_side_invalid_traffic_should_not_shutdown_server to verify fix
  • Verified existing client-side TLS failure test still passes
  • Ran new test 20 times locally to ensure stability
  • All tests in DotNettyTlsHandshakeFailureSpec pass

Fixes #7938

@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic
00e628b 
When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in akkadotnet#7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes akkadotnet#7938
Aaronontheweb
Aaronontheweb commented Nov 24, 2025
View reviewed changes
src/core/Akka.Remote/Transport/DotNetty/TcpTransport.cs
cs.Run(new TlsHandshakeFailureReason($"TLS handshake failed on channel [{context.Channel.LocalAddress}->{context.Channel.RemoteAddress}](Id={context.Channel.Id})"));
// Only shutdown the ActorSystem if this is a client-side failure
// Server-side failures (incoming connections) should just reject the connection
if (isClient)
Copy link
Member Author

@Aaronontheweb Aaronontheweb Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix is simple - just don't shut the server down when clients with invalid certs connect

Arkatufus
Arkatufus approved these changes Nov 24, 2025
View reviewed changes
Copy link
Contributor

@Arkatufus Arkatufus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Aaronontheweb Aaronontheweb enabled auto-merge (squash) November 24, 2025 19:20
@Aaronontheweb Aaronontheweb merged commit 747abfc into akkadotnet:dev Nov 24, 2025
9 of 11 checks passed
@Aaronontheweb Aaronontheweb deleted the fix/7938-tls-invalid-traffic-shutdown branch November 24, 2025 19:30
Aaronontheweb added a commit to Aaronontheweb/akka.net that referenced this pull request Nov 25, 2025
@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic (akkadotn…
5a09173 
…et#7939)

When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in akkadotnet#7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes akkadotnet#7938
@Aaronontheweb Aaronontheweb mentioned this pull request Nov 25, 2025
Merged
Aaronontheweb added a commit to Aaronontheweb/akka.net that referenced this pull request Nov 25, 2025
@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic (akkadotn…
46b1876 
…et#7939)

When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in akkadotnet#7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes akkadotnet#7938
Aaronontheweb added a commit to Aaronontheweb/akka.net that referenced this pull request Nov 25, 2025
@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic (akkadotn…
fea4231 
…et#7939)

When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in akkadotnet#7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes akkadotnet#7938
Aaronontheweb added a commit that referenced this pull request Nov 25, 2025
@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic (#7939) (#…
9601f62 
…7952)

When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in #7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes #7938
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Arkatufus Arkatufus Arkatufus approved these changes

Assignees

No one assigned

Labels

akka-remote security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Akka.Remote: When TLS is enabled, unexpected requests sent to the remoting port can cause the application to shut down

2 participants

@Aaronontheweb @Arkatufus