Connection reset warning

Hello,
I'm not sure if this is an issue as this is being flagged as INFO/WARN.
this is a 3 node cluster setup to be used with Liferay DXP. This cluster is not being used/accessed at this time. Services are started and it is waiting for Liferay to be configured.
The issue is I see are these messages every day. Does this indicate an issue?
I'm able to access the app on port 9200 without any issue.
Does this indicate a timeout or a connection dropping after few hours?

Version: elasticsearch-8.8.2

[2024-12-10T18:34:18,502][INFO ][o.e.t.TcpTransport       ] [ES-L6-node1] close connection exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:45701, profile=default}], disconnecting from relevant node
java.net.SocketException: Connection reset
        at sun.nio.ch.SocketChannelImpl.throwConnectionReset(SocketChannelImpl.java:401) ~[?:?]
        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:434) ~[?:?]
        at org.elasticsearch.transport.netty4.CopyBytesSocketChannel.readFromSocketChannel(CopyBytesSocketChannel.java:131) ~[?:?]
        at org.elasticsearch.transport.netty4.CopyBytesSocketChannel.doReadBytes(CopyBytesSocketChannel.java:116) ~[?:?]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:151) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
        at java.lang.Thread.run(Thread.java:1583) ~[?:?]
[2024-12-10T18:34:18,719][WARN ][o.e.h.AbstractHttpServerTransport] [ES-L6-node1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:47035}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]

Here is my yml file

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: returns-elsearch-L6
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: ES-L6-node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /apps/elsearch/elasticsearch-8.8.2/data
#
# Path to log files:
#
path.logs: /apps/elsearch/elasticsearch-8.8.2/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: srch1.xxx.xxx.com

#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.publish_host: srch1.xxx.xxx.com
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["srch1.xxx.xxx.com", "srch2.xxx.xxx.com", "srch3.xxx.xxx.com"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["ES-L6-node1", "ES-L6-node2", "ES-L6-node3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#
xpack.security.enabled: true
###Transport security setup
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: jks
xpack.security.transport.ssl.keystore.path: elsearch-l6.jks
xpack.security.transport.ssl.truststore.path: truststore.jks
xpack.security.transport.ssl.supported_protocols: ["TLSv1.2"]
####HTTP security setup
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.type: jks
xpack.security.http.ssl.keystore.path: elsearch-l6.jks
xpack.security.http.ssl.truststore.path: truststore.jks
xpack.security.http.ssl.supported_protocols: ["TLSv1.2"]
xpack.security.http.ssl.cipher_suites : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

log has thousands of lines with similar messages and ends with the following
There are warnings regarding SSLv3 and TLSv1 followed by cipher suites. It then repeats for port 9300

[2024-12-10T18:34:18,736][WARN ][o.e.h.AbstractHttpServerTransport] [ES-L6-node1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:37995}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common

[2024-12-10T18:34:18,759][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:46635}
[2024-12-10T18:34:18,759][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:49169}
[2024-12-10T18:34:18,760][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:37497}
[2024-12-10T18:34:18,760][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:58643}
[2024-12-10T18:34:18,760][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:54913}
[2024-12-10T18:34:18,761][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:38067}
[2024-12-10T18:34:18,761][WARN ][o.e.h.n.Netty4HttpServerTransport] [ES-L6-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:44509}
[2024-12-10T18:34:18,762][WARN ][o.e.t.TcpTransport       ] [ES-L6-node1] exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:34695, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
	at java.lang.Thread.run(Thread.java:1583) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
	at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
	at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:870) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:822) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800) ~[?:?]
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]
	at java.security.AccessController.doPrivileged(AccessController.java:714) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205) ~[?:?]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1558) ~[?:?]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1404) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1245) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1294) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
	... 16 more
[2024-12-10T18:34:18,763][WARN ][o.e.t.TcpTransport       ] [ES-L6-node1] exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:52809, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
[2024-12-10T18:34:18,823][WARN ][o.e.t.TcpTransport       ] [ES-L6-node1] exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:54855, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
	at java.lang.Thread.run(Thread.java:1583) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
	at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
	at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:466) ~[?:?]
	at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:292) ~[?:?]
	at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437) ~[?:?]
	at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1108) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:841) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800) ~[?:?]
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]
	at java.security.AccessController.doPrivileged(AccessController.java:714) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205) ~[?:?]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1558) ~[?:?]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1404) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1245) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1294) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
	... 16 more
[2024-12-10T18:34:18,824][WARN ][o.e.t.TcpTransport       ] [ES-L6-node1] exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:38631, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
	at java.lang.Thread.run(Thread.java:1583) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
	at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
	at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:466) ~[?:?]
	at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:292) ~[?:?]
	at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437) ~[?:?]
	at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1108) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:841) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800) ~[?:?]
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]
	at java.security.AccessController.doPrivileged(AccessController.java:714) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205) ~[?:?]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1558) ~[?:?]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1404) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1245) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1294) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
	... 16 more
[2024-12-10T18:34:18,825][WARN ][o.e.t.TcpTransport       ] [ES-L6-node1] exception caught on transport layer [Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:46345, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
	at java.lang.Thread.run(Thread.java:1583) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
	at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
	at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:903) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:819) ~[?:?]
	at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800) ~[?:?]
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]
	at java.security.AccessController.doPrivileged(AccessController.java:714) ~[?:?]
	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205) ~[?:?]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1558) ~[?:?]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1404) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1245) ~[?:?]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1294) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
	... 16 more
[2024-12-10T18:34:18,829][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:42321, profile=default}
[2024-12-10T18:34:18,830][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:36457, profile=default}
[2024-12-10T18:34:18,830][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:45139, profile=default}
[2024-12-10T18:34:18,830][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:40431, profile=default}
[2024-12-10T18:34:18,831][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:44133, profile=default}
[2024-12-10T18:34:18,831][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:60701, profile=default}
[2024-12-10T18:34:18,831][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [ES-L6-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/xx.xx.1.198:9300, remoteAddress=/xx.xx.1.198:58677, profile=default}

localAddress=/xx.xx.1.198:9200, remoteAddress=/xx.xx.1.198:37995

Starting with the http traffic, the call is coming from inside the house -- is there other software running on these nodes like metricbeat, filebeat, kibana, etc? Something related to liferay?

Can you review the liferay elasticsearch connector log and determine if there are correlated errors in liferay?

There are no entries in liferay logs. I was observing these warnings even when Liferay servers were shut down.
I dont have anything else running on the elasticsearch servers.

Am i reading the message right here?
does it mean an external client is connecting to node1 on port 37995 and/or 9200

Is there any additional logging that can be enabled to get more info. I added these but did not get any additional info
logger.org.elasticsearch.env.NodeEnvironment: DEBUG
logger.org.elasticsearch.transport.TcpTransport: DEBUG
logger.org.elasticsearch.xpack.core.security.transport.netty4.SecurityNetty4Transport: DEBUG

Assuming these xx.xx are the same, then the call is coming from software on the node running Elasticsearch. Something is initiating a connection from a dynamic port (54855) to ES on the same host running on port 9300.

It will be difficult to find identifying information about the client because it's failing so early in the process, during the ssl/tls negotiation. You might be able to capture a tcpdump or something similar that might give you more info on what process is initiating the network request.

You could try temporarily adding SSLv3 to the list of supported ciphers so that the connection can be established and then run netstat (maybe something like netstat -nputwc or something similar) to identify which processes on the host are making these connections to elasticsearch.

Alternatively if you have auditctl available, something like: auditctl -a exit,always -F arch=b64 -S connect -k MYCONNECT

Thank you William!
I will try to setup audit on the server and get more info

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.