io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

meetdave2611997 · May 8, 2018, 11:32am

Hello,

I have installed x-pack and configured each and every node of my elastic cluster for SSL certificates using certutil tool provided by x-pack. A forwarder is configured to ingest data into elastic cluster, I checked twice that forwarder must use https instead of http but unable to ingest data. Here is the error shown in log file of elasticsearch. I have also configured kibana which is working very fine the problem is forwarder is not able to connect.

[2018-05-08T16:53:40,343][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection [id: 0x7c39ca2f, L:0.0.0.0/0.0.0.0:9200 ! R:/10.0.1.1:53205]
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0300002b26e00000000000436f6f6b69653a206d737473686173683d68656c6c6f0d0a0100080003000000
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0300002b26e00000000000436f6f6b69653a206d737473686173683d68656c6c6f0d0a0100080003000000
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1106) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
        o.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:... 15 more

Thanks,
Meet

ikakavas · May 8, 2018, 11:57am

Hi

If by forwarder you mean a Logstash forwarder, is there any specific reason why you don't use Filebeat instead?

How did you check this? Can you share your config ?

Can you share more details on how does this problem manifest ? What are the symptoms? What are you expecting to happen that doesn't happen?

The error you pasted clearly states that something is sending plaintext traffic to Elasticsearch and
0300002b26e00000000000436f6f6b69653a206d737473686173683d68656c6c6f0d0a0100080003000000 is the request it receives hex encoded and decodes to

+&àCookie: mstshash=hello

but seems to be unrelated to Elasticsearch or the Forwarder, it looks like something is tryintg to connect over RDP to the port Elasticsearch is listening at ?

system · June 5, 2018, 11:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record" after ssl enabling my cluster Elasticsearch	10	43514	April 18, 2017
Using Shield and getting NotSslRecordException in cluster logs Elasticsearch elastic-stack-security	1	2995	July 6, 2017
Exception [not an SSL/TLS record] in es log and [None of the configured nodes are available] in java Elasticsearch elastic-stack-security	6	809	January 14, 2019
Enabling TLS - NotSslRecordException Elasticsearch elastic-stack-security	3	4459	July 23, 2019
Elastic search v 7.17.10 : x-pack-SSL authentication Kibana elastic-stack-security , elastic-stack-alerting	1	192	November 14, 2023

io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Related Topics