I have noticed that when running Canton by directly invoking it via its jar and configuring TLS, the application throws an exception saying it is unable to load the required libraries. It then reverts to using the JDK version of TLS instead of OpenSSL.
In detail, when you launch Canton, for instance like so:
java -cp \
canton-enterprise-2.7.0-SNAPSHOT.jar: com.digitalasset.canton.CantonEnterpriseApp \
-c my-topology.conf \
-v \
--debug \
--log-file-appender=flat \
-C canton.participants.participant1.ledger-api.tls.minimum-server-protocol-version=TLSv1.2 \
-C canton.participants.participant1.ledger-api.tls.cert-chain-file=participant.crt \
-C canton.participants.participant1.ledger-api.tls.private-key-file=participant.pem \
-C canton.participants.participant1.ledger-api.tls.trust-collection-file=root-ca.crt
The result is the following error (trimmed for brevity):
INFO c.d.c.c.TlsServerConfig$-0x79016152 - Netty OpenSSL is not available because of an issue
java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty_tcnative_linux_x86_64, netty_tcnative_linux_x86_64_fedora, netty_tcnative_x86_64, netty_tcnative]
at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:114)
at io.netty.handler.ssl.OpenSsl.loadTcNative(OpenSsl.java:705)
at io.netty.handler.ssl.OpenSsl.<clinit>(OpenSsl.java:146)
at com.digitalasset.canton.config.TlsServerConfig$.$anonfun$defaultCiphers$1(ServerConfig.scala:306)
Further down in the log we see a clue shedding light on what is happening:
Suppressed: java.lang.UnsatisfiedLinkError: /tmp/libnetty_tcnative_linux_x86_6412280897369466288206.so: libcrypt.so.1: cannot open shared object file: No such file or directory
Are we expecting that the libcrypt native library be installed on a machine prior to launching Canton?
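A log check for the fallback described in the post, as an added example that is not part of the original post or of Canton: it flags the downgrade from the OpenSSL provider and names the shared object the native loader could not resolve. The function name `diagnose_tls_fallback` is hypothetical, and the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: the log lines quoted in the post above.
SAMPLE_LOG = """\
INFO c.d.c.c.TlsServerConfig$-0x79016152 - Netty OpenSSL is not available because of an issue
java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty_tcnative_linux_x86_64, netty_tcnative_linux_x86_64_fedora, netty_tcnative_x86_64, netty_tcnative]
\tat io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:114)
Suppressed: java.lang.UnsatisfiedLinkError: /tmp/libnetty_tcnative_linux_x86_6412280897369466288206.so: libcrypt.so.1: cannot open shared object file: No such file or directory
"""

FALLBACK = re.compile(r"Netty OpenSSL is not available")
TRIED = re.compile(r"Failed to load any of the given libraries: \[([^\]]*)\]")
# Shape of the loader error in the post:
# "<extracted .so>: <missing dependency>: cannot open shared object file"
MISSING = re.compile(r"UnsatisfiedLinkError: (\S+): (\S+): cannot open shared object file")


def diagnose_tls_fallback(log_text):
    """Return None when the fallback message is absent, otherwise a dict with
    the native library names that were tried and the unresolved dependencies."""
    if not FALLBACK.search(log_text):
        return None
    finding = {"tried": [], "missing": {}}
    for line in log_text.splitlines():
        m = TRIED.search(line)
        if m:
            finding["tried"] = [n.strip() for n in m.group(1).split(",") if n.strip()]
        m = MISSING.search(line)
        if m:
            loaded, dependency = m.groups()
            # Key by the missing dependency: that is what has to be installed.
            finding["missing"].setdefault(dependency, []).append(loaded)
    return finding


if __name__ == "__main__":
    result = diagnose_tls_fallback(SAMPLE_LOG)
    if result is None:
        print("no OpenSSL fallback message found")
    else:
        print("OpenSSL provider unavailable; tried:", ", ".join(result["tried"]))
        for dependency, libs in result["missing"].items():
            print(f"missing system library {dependency} (needed by {libs[0]})")
```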