error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

java ssl hadoop openssl cloudera
25,968

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

It appears there is no SSL/TLS server listening on 10.0.10.90:50060. There is a server listening, its just not SSL/TLS.

I can duplicate it when connecting to my gateway over port 80 (rather than 443).

$ openssl s_client -connect 192.168.1.1:80
CONNECTED(00000003)
140735109476828:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

And if you use the -debug flag, you will see the HTTP in the response that OpenSSL is trying to interpret as SSL/TLS protocol data:

$ openssl s_client -connect 192.168.1.1:80 -debug
CONNECTED(00000003)
write to 0x7fbf58422b90 [0x7fbf58811800] (348 bytes => 348 (0x15C))
0000 - 16 03 01 01 57 01 00 01-53 03 03 64 1d 01 29 f0   ....W...S..d..).
...
0150 - 03 02 01 02 02 02 03 00-0f 00 01 01               ............
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
140735203164636:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
Share:
25,968
Saurabh Gokhale
Author by

Saurabh Gokhale

Updated on July 23, 2022

Comments

  • Saurabh Gokhale
    Saurabh Gokhale almost 2 years

    I'm currently trying to test the implemented changes for achieving security with Encrypted Shuffle in Cloudera Hadoop Environment.

    I've created the certificates and keystores and kept them in appropriate locations.

    I'm testing TaskTracker's HTTPS port of 50060.

    When I do a curl on that port, I get below error response.

    ubuntu@node2:~$ curl -v -k "https://10.0.10.90:50060"
* About to connect() to 10.0.10.90 port 50060 (#0)
*   Trying 10.0.10.90... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

    When I did check with open ssl client, i got below response

     ubuntu@node2:~$ openssl s_client -connect 10.0.10.90:50060
CONNECTED(00000003)
139749924464288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

    I'm not able to figure out what might be causing this issue ?

    Is there something that I'm missing ?

    PS : I've updated the ca-certificates.crt file and also kept the server .crt file under /usr/share/ca-certificates/mozilla

  • func0der
    func0der over 8 years
    I had this issue with my apache server. The access logs told me something like this: my.host.com:80 [IPv6_address] - - [24/Jan/2016:00:29:23 +0100] "\x16\x03\x01\x02" 400 0 "-" "-" or my.host.com:443 [IPv6_address] - - [24/Jan/2016:00:29:23 +0100] "\x16\x03\x01\x02" 400 0 "-" "-" which I found very odd. But the answer was right in there: the IPv6 address which the clients used to connect. Why? I do not know. But you answer gave me the final hint: No one was listening for them. So no match here.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SSL Handshake_failure in Java test client while connecting to server with two-way authentication
Need assistance with running the WordCount.java provided by Cloudera
Connecting to Kerberrized HDFS , java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name;
Yarn container is running out of memory
SSL/TLS protocols and cipher suites with the AndroidHttpClient
Creating .p12 truststore with openssl
Invalid URI for NameNode address
openssl p12 generation failing with CA bundle chain option
SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error on mutual authendication
Unable to establish a JDBC connection to Hive from Eclipse