Issue with NEST SniffingConnectionPool + TLS

I'm trying to establish a connection to my ES cluster over TLS.

When I use SniffingConnectionPool, I get the following exception: "The handshake failed due to an unexpected packet format."

Trying to connect without it works fine.

Is that a bug or am I missing something?

Do you have an example of the requests you're making and the exception stack trace / debug information?

The first call to NEST gives that exception. In my case, it was:

var isIndexExistsResponse = _elasticClient.IndexExists(new IndexExistsRequest(IndexName));

Some further questions about your TLS setup:

  1. How do you have SSL/TLS set up?
  2. Are you using self-signed certs?
  3. Are these generated using certgen?
  4. Are they issued from a trusted Certificate Authority (CA)?

Take a look at the working with certificates documentation for NEST.

Answering in the same order:

  1. I put Nginx in front of ES, and configured it for SSL (Nginx performs SSL termination).
  2. No, I'm using standard LetsEncrypt certificates
  3. No, I'm using standard LetsEncrypt certificates
  4. Yes they are - I'm using standard LetsEncrypt certificates

BTW, when I switched to StaticConnectionPool - everything works fine (everything else exactly the same).

That sounds like it's the likely cause; SniffingConnectionPool seeds itself on startup and at intervals with known nodes in the cluster, based on what is returned from the /_nodes/http,settings API call.

Do nodes have TLS configured for the HTTP layer? Would it be possible to capture what is returned from the first request with .DisableDirectStreaming() set on ConnectionSettings? It sounds like the client may not be handling this gracefully so any further detail that you can provide will help.
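
Added example, not part of the thread or of NEST's code: a Python check over a constructed /_nodes/http,settings response that lists the node addresses a sniffing pool would adopt in place of the Nginx endpoint. It assumes the client keeps the seed URL's scheme and takes host and port from each node's http.publish_address; the host names, addresses and function names are made up for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a GET /_nodes/http,settings response (trimmed).
SAMPLE_SNIFF = json.loads("""{
  "cluster_name": "example",
  "nodes": {
    "a1": {"name": "es-1", "http": {"publish_address": "10.0.0.11:9200"}},
    "b2": {"name": "es-2", "http": {"publish_address": "es-2.internal/10.0.0.12:9200"}},
    "c3": {"name": "es-3"}
  }
}""")

def sniffed_urls(seed_url, sniff_body):
    """Map node name -> URL the pool would use after a sniff.

    Assumption: scheme comes from the seed URL, host:port from publish_address.
    """
    scheme = urlsplit(seed_url).scheme
    urls = {}
    for node in sniff_body.get("nodes", {}).values():
        publish = node.get("http", {}).get("publish_address")
        if not publish:              # node reports no HTTP endpoint
            continue
        if "/" in publish:           # "hostname/ip:port" form
            host, rest = publish.split("/", 1)
            port = rest.rsplit(":", 1)[1]
        else:                        # "ip:port" form
            host, port = publish.rsplit(":", 1)
        urls[node["name"]] = f"{scheme}://{host}:{port}"
    return urls

def nodes_bypassing_proxy(seed_url, sniff_body):
    """Names of nodes whose sniffed endpoint is not the seed (proxy) endpoint."""
    seed = urlsplit(seed_url)
    seed_port = seed.port or (443 if seed.scheme == "https" else 80)
    bypass = []
    for name, url in sniffed_urls(seed_url, sniff_body).items():
        u = urlsplit(url)
        if (u.hostname, u.port) != (seed.hostname, seed_port):
            bypass.append(name)
    return sorted(bypass)

if __name__ == "__main__":
    seed = "https://es.example.com"  # constructed TLS-terminating proxy URL
    for name, url in sniffed_urls(seed, SAMPLE_SNIFF).items():
        print(name, url)
    print("bypass proxy:", nodes_bypassing_proxy(seed, SAMPLE_SNIFF))
```

A non-empty result means that, under the stated assumption, the pool would send TLS handshakes to node ports that Nginx does not front; StaticConnectionPool, which worked in the thread, keeps requests on the seed URL.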
