Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Nirosh_Kumar · May 5, 2020, 1:46pm

Hello,
I have installed elastic search 7.6.2 with HTTP support which is working fine. But, when I installed the same version with https enabled, I am getting below error when I start the elasticsearch.

search guard 7.6.2.40.0 used for https feature enable in elastic7.6.2.

    [2020-05-05T09:31:40,395][INFO ][o.e.c.r.a.AllocationService] [node-
    emf169104.nms.fnc.fujitsu.com] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[filebeat-7.6.2-2020.04.30-000001][1]]]).
    [2020-05-05T09:31:44,077][ERROR]**[c.f.s.s.h.n.SearchGuardSSLNettyHttpServerTransport] [node-emf169104.nms.fnc.fujitsu.com] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:** 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1206) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:503) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:281) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:600) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:554) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1050) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201-R5]
    [2020-05-05T09:31:44,081][WARN ][o.e.h.AbstractHttpServerTransport] [node-emf169104.nms.fnc.fujitsu.com] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=0.0.0.0/0.0.0.0:9200, remoteAddress=/167.254.165.118:40212}
    io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:473) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:281) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:600) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:554) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1050) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201-R5]
    Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1206) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:503) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            ... 16 more


**Below is my elasticsearch.yml configuration:**
    xpack.security.enabled: false
    searchguard.ssl.transport.keystore_filepath: keystore.jks
    searchguard.ssl.transport.keystore_password: password
    searchguard.ssl.transport.truststore_filepath: cacerts.jks
    searchguard.ssl.transport.truststore_password: password
    searchguard.ssl.transport.enforce_hostname_verification: false
    searchguard.ssl.http.enabled: true
    searchguard.ssl.http.keystore_filepath: keystore.jks
    searchguard.ssl.http.keystore_password: password
    searchguard.ssl.http.truststore_filepath: cacerts.jks
    searchguard.ssl.http.truststore_password: password


    searchguard.ssl.transport.enabled_protocols:
    - "TLSv1.2"
    searchguard.ssl.http.enabled_protocols:
    - "TLSv1.1"
    - "TLSv1.2"

    searchguard.authcz.admin_dn:
     - CN=virtuora,OU=Fujitsu Network Communications Inc,O=FNC,L=Richardson,ST=Texas,C=US

    node.master: true
    node.data: true
    transport.tcp.port: 9300

    searchguard.disabled: false

dadoonet · May 5, 2020, 2:07pm

Welcome!

You should probably ask the authors of this 3rd party plugin for help.

system · June 2, 2020, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.