SSL errors remaining after upgrade to 7.5.0

I'm getting the following error on startup and I'm not sure how to get rid of it. Any quick thoughts?

elasticsearch_1  | {"type": "server", "timestamp": "2019-12-19T15:44:31,574Z", "level": "WARN", "component": "o.e.t.TcpTransport", "cluster.name": "logging", "node.name": "elasticsearch", "message": "exception caught on transport layer [Netty4TcpChannel{localAddress=/127.0.0.1:9300, remoteAddress=/127.0.0.1:50340}], closing connection",
elasticsearch_1  | "stacktrace": ["io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme",
elasticsearch_1  | "at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:473) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:281) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:600) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:554) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514) [netty-transport-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1050) [netty-common-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at java.lang.Thread.run(Thread.java:830) [?:?]",
elasticsearch_1  | "Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme",
elasticsearch_1  | "at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.TransportContext.fatal(TransportContext.java:311) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.TransportContext.fatal(TransportContext.java:258) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:951) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:940) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1243) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1179) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1247) ~[?:?]",
elasticsearch_1  | "at java.security.AccessController.doPrivileged(AccessController.java:691) ~[?:?]",
elasticsearch_1  | "at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1192) ~[?:?]",
elasticsearch_1  | "at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1502) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1516) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1400) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1227) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:503) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]",
elasticsearch_1  | "... 16 more"] }

Here is my configuration:

# Node configuration as posted in the question (presumably elasticsearch.yml for the
# single node "elasticsearch" after the upgrade to 7.5.0).
cluster.name                       : logging
network.host                       : 0.0.0.0
node.name: "elasticsearch"
cluster.initial_master_nodes: ["elasticsearch"]
# changes for 7.5.0
node.master: true
node.data: true
xpack.security.enabled: true


# TLS for the HTTP (REST) layer: a PEM certificate and its private key are both set.
xpack.security.http.ssl.enabled : true
xpack.security.http.ssl.certificate :  /usr/share/elasticsearch/config/certs/service.crt
xpack.security.http.ssl.key :  /usr/share/elasticsearch/config/certs/service.key
# NOTE(review): TLS is enabled for the transport layer, but only a CA is listed below.
# No xpack.security.transport.ssl.certificate/key (or keystore.path) is set, so this node
# has no certificate to present to a peer connecting on the transport port.
xpack.security.transport.ssl.enabled : true
# "certificate" checks that the peer certificate is signed by a trusted CA but does not
# verify the hostname.
xpack.security.transport.ssl.verification_mode : certificate
xpack.security.transport.ssl.certificate_authorities : /usr/share/elasticsearch/config/certs/ca.crt

# LDAP realm "ldap1": users are authenticated against the directory at the ldaps:// URL below.
xpack:
  security:
    authc:
      realms:
        ldap.ldap1:
          order         : 0
          url           : "ldaps://ldap.jumpcloud.com:636"
          bind_dn       : "uid=application.bind,ou=Users,o=54899d1f318ab54f7100d8f0,dc=jumpcloud,dc=com"
          # NOTE(review): the bind password is redacted in the post; in the real file it would
          # sit in clear text. Consider secure_bind_password in the Elasticsearch keystore
          # instead -- confirm against the docs for this version.
          bind_password : "*****"
          user_search :
            base_dn : "ou=Users,o=54899d1f318ab54f7100d8f0,dc=jumpcloud,dc=com"
          group_search :
            base_dn : "ou=Users,o=54899d1f318ab54f7100d8f0,dc=jumpcloud,dc=com"
          files:
            role_mapping : /usr/share/elasticsearch/config/x-pack/role_mapping.yml
          unmapped_groups_as_roles : false
          # NOTE(review): "none" turns off verification of the LDAP server's certificate, so
          # the LDAPS connection that carries the bind password and user credentials is
          # encrypted but not authenticated. "full" with a trusted CA is the safer setting.
          ssl.verification_mode    : none

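You haven't configured a certificate and key for transport.ssl, so the node has no certificate to present when a peer starts a TLS handshake on the transport port; that is what the "No available authentication scheme" handshake error is reporting.
You must set: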

  • xpack.security.transport.ssl.keystore.path, OR
  • both xpack.security.transport.ssl.certificate and xpack.security.transport.ssl.key
