io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000

DataStax JIRA | Stefania Alborghetti | 2 years ago
  1. 0

    {{cqlsh --ssl}} does not work with python 2.6.9. Please refer to [CASSANDRA-7973|https://issues.apache.org/jira/browse/CASSANDRA-7973] for full details. The reason is that SSLSocket in ssl.py does not override connect_ex() in 2.6.x. So the server throws this exception:

    {code}
    INFO 05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617 => /127.0.0.1:9042]
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
    {code}

    You can also verify it with openssl; the following commands convert a java keystore called _.keystore_ into an openssl valid certificate and key and then launch a test server that provides debug information, including all the data that it receives:

    {code}
    keytool -importkeystore -srckeystore .keystore -destkeystore keystore.p12 -deststoretype PKCS12
    openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
    openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
    openssl s_server -accept 9042 -cert cert.pem -key key.pem -debug
    {code}

    Replacing connect_ex() with connect() fixes the problem, for example in the asyncorereactor:

    {code}
    stefania@mia:~/git/cstar/python-driver$ git diff diff --git a/cassandra/io/asyncorereactor.py b/cassandra/io/asyncorereactor.py index ef687c3..9abf41c 100644 --- a/cassandra/io/asyncorereactor.py +++ b/cassandra/io/asyncorereactor.py @@ -217,7 +217,8 @@ class AsyncoreConnection(Connection, asyncore.dispatcher): self.connected = False self.connecting = True self.socket.settimeout(1.0) - err = self.socket.connect_ex(address) + self.socket.connect(address) + err = 0 if err in (EINPROGRESS, EALREADY, EWOULDBLOCK) \ or err == EINVAL and os.name in ('nt', 'ce'): raise ConnectionException("Timed out connecting to %s" % (address[0]))
    {code}

    Obviously the fix is required for all connections and you need to sort out the err properly.

    The problem does not appear in python 2.7.x because SSLSocket does override connect_ex() as well as connect(). If you decide not to support python 2.6.x then you need to update [the documentation|http://datastax.github.io/python-driver/installation.html] as it clearly states 2.6.x at the moment.
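
Review bot: In the `@@ -217,7 +217,8 @@` hunk, hard-coding `err = 0` after `self.socket.connect(address)` leaves the `if err in (EINPROGRESS, EALREADY, EWOULDBLOCK)` branch unreachable, so the "Timed out connecting to %s" ConnectionException is never raised from this path; with `settimeout(1.0)` set just above, a failed or slow connect() now surfaces as a raw socket exception instead. Suggest wrapping the connect() call in try/except, translating the timeout and socket errors into ConnectionException, and deleting `err` together with the errno check rather than keeping it as dead code.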

    DataStax JIRA | 2 years ago | Stefania Alborghetti
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
  3. 0

    Direct proxy forces SSL

    GitHub | 4 months ago | igorspasic
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f6765745f626f6f6b7320485454502f312e310d0a436f6e6e656374696f6e3a20436c6f73650d0a486f73743a206c6f63616c686f73743a313038300d0a557365722d4167656e743a204a6f646420485454500d0a0d0a
  5. 0

    NotSslRecordException when closing browser tab

    GitHub | 5 months ago | oliverhausler
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 9880f5a41349d44e298884b76d2f528fafbe88d7334b506a73827e175cfded263cac14a0c80959619d226a40883757c403
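
A triage helper for the hex payload Netty prints in this exception, as an added example (not part of the JIRA report, the GitHub issues or Samebug): it decodes the rejected bytes to show which plaintext protocol reached the TLS port. The samples are the exception messages quoted in the entries above; the opcode table follows the CQL native protocol specification, and the name `classify` is illustrative.

```python
import re
import struct

# Request opcodes from the CQL native protocol specification (v3/v4).
CQL_OPCODES = {0x01: "STARTUP", 0x05: "OPTIONS", 0x07: "QUERY", 0x09: "PREPARE",
               0x0A: "EXECUTE", 0x0B: "REGISTER", 0x0D: "BATCH", 0x0F: "AUTH_RESPONSE"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
HEX_RE = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")

# Exception messages quoted in the entries on this page.
SAMPLES = [
    "io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000",
    "io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: "
    "474554202f6765745f626f6f6b7320485454502f312e310d0a"
    "436f6e6e656374696f6e3a20436c6f73650d0a"
    "486f73743a206c6f63616c686f73743a313038300d0a"
    "557365722d4167656e743a204a6f646420485454500d0a0d0a",
    "io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: "
    "9880f5a41349d44e298884b76d2f528fafbe88d7334b506a73827e175cfded26"
    "3cac14a0c80959619d226a40883757c403",
]

def classify(log_line):
    """Return (protocol, detail) for the bytes the SslHandler rejected."""
    m = HEX_RE.search(log_line)
    if not m:
        return ("no-payload", "")
    hexstr = m.group(1)
    data = bytes.fromhex(hexstr[:len(hexstr) & ~1])  # tolerate a truncated log line
    if data.startswith(HTTP_METHODS):
        # Plain HTTP sent to a TLS listener: report the request line.
        return ("http", data.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    # CQL v3/v4 request header is 9 bytes: version, flags, stream(2), opcode, length(4).
    if len(data) >= 9 and data[0] in (0x03, 0x04):
        version, flags, stream, opcode, _length = struct.unpack(">BBHBI", data[:9])
        if opcode in CQL_OPCODES and flags < 0x10:
            return ("cql", "v%d %s stream=%d" % (version, CQL_OPCODES[opcode], stream))
    return ("unknown", "%d bytes" % len(data))

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

The first payload is a complete, unencrypted CQL OPTIONS frame, which matches the report that the socket was never wrapped in TLS; the payload from the browser-tab entry matches neither pattern and stays unclassified.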

Root Cause Analysis

  1. io.netty.handler.ssl.NotSslRecordException

    not an SSL/TLS record: 030000000500000000

    at io.netty.handler.ssl.SslHandler.decode()
  2. Netty
    DefaultThreadFactory$DefaultRunnableDecorator.run
    1. io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    2. io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    3. io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    4. io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    5. io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    6. io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    7. io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    8. io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    9. io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    10. io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    11. io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)[netty-all-4.0.23.Final.jar:4.0.23.Final]
    11 frames
  3. Java RT
    Thread.run
    1. java.lang.Thread.run(Thread.java:745)[na:1.8.0_45]
    1 frame