Skip to content

[Backport v1.5] Fix: Akka.Remote should not shutdown on invalid TLS traffic #7952

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 25, 2025
Merged

[Backport v1.5] Fix: Akka.Remote should not shutdown on invalid TLS traffic #7952

merged 1 commit into from
Nov 25, 2025
+77 −5

Conversation

@Aaronontheweb
Copy link
Member

@Aaronontheweb Aaronontheweb commented Nov 25, 2025

Summary

Backport of #7939 to v1.5 branch.

  • Prevents Akka.Remote from shutting down when receiving invalid TLS traffic

Original PR: #7939

@Aaronontheweb Aaronontheweb force-pushed the backport/v1.5-remote-tls-fix branch from 5a09173 to 46b1876 Compare November 25, 2025 17:24
@Aaronontheweb
Fix: Akka.Remote should not shutdown on invalid TLS traffic (akkadotn…
fea4231 
…et#7939)

When TLS is enabled, invalid traffic (like HTTP requests) hitting the
Akka.Remote port would cause the entire ActorSystem to shut down with
exit code 79. This was due to overly aggressive TLS handshake failure
handling introduced in akkadotnet#7839.

Changes:
- Modified TcpTransport to only trigger CoordinatedShutdown for client-side
  TLS handshake failures (outbound connections we initiate)
- Server-side TLS failures (incoming invalid connections) now just log a
  warning and reject the connection without shutting down
- Added test to verify servers remain running when invalid traffic hits
  the TLS port

This makes Akka.Remote resilient to port scanners, misconfigured clients,
or malicious traffic while maintaining strict security for legitimate
connections.

Fixes akkadotnet#7938
@Aaronontheweb Aaronontheweb force-pushed the backport/v1.5-remote-tls-fix branch from 46b1876 to fea4231 Compare November 25, 2025 17:25
@Aaronontheweb Aaronontheweb merged commit 9601f62 into akkadotnet:v1.5 Nov 25, 2025
7 of 11 checks passed
@Aaronontheweb Aaronontheweb deleted the backport/v1.5-remote-tls-fix branch November 25, 2025 18:29
@Aaronontheweb Aaronontheweb mentioned this pull request Nov 25, 2025
Merged
This was referenced Nov 26, 2025
Merged
Open
Open
Open
Open
Open
Open
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aaronontheweb