io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000

DataStax JIRA | Stefania Alborghetti | 2 years ago
  1. 0

    {{cqlsh --ssl}} does not work with python 2.6.9. Please refer to [CASSANDRA-7973|https://issues.apache.org/jira/browse/CASSANDRA-7973] for full details. The reason is that SSLSocket in ssl.py does not override connect_ex() in 2.6.x. So the server throws this exception:

    {code}
    INFO 05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617 => /127.0.0.1:9042]
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
    {code}

    You can also verify it with openssl. The following commands convert a java keystore called _.keystore_ into an openssl valid certificate and key and then launch a test server that provides debug information, including all the data that it receives:

    {code}
    keytool -importkeystore -srckeystore .keystore -destkeystore keystore.p12 -deststoretype PKCS12
    openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
    openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
    openssl s_server -accept 9042 -cert cert.pem -key key.pem -debug
    {code}

    Replacing connect_ex() with connect() fixes the problem, for example in the asyncorereactor:

    {code}
    stefania@mia:~/git/cstar/python-driver$ git diff diff --git a/cassandra/io/asyncorereactor.py b/cassandra/io/asyncorereactor.py index ef687c3..9abf41c 100644 --- a/cassandra/io/asyncorereactor.py +++ b/cassandra/io/asyncorereactor.py @@ -217,7 +217,8 @@ class AsyncoreConnection(Connection, asyncore.dispatcher): self.connected = False self.connecting = True self.socket.settimeout(1.0) - err = self.socket.connect_ex(address) + self.socket.connect(address) + err = 0 if err in (EINPROGRESS, EALREADY, EWOULDBLOCK) \ or err == EINVAL and os.name in ('nt', 'ce'): raise ConnectionException("Timed out connecting to %s" % (address[0]))
    {code}

    Obviously the fix is required for all connections and you need to sort out the err properly. The problem does not appear in python 2.7.x because SSLSocket does override connect_ex() as well as connect(). If you decide not to support python 2.6.x then you need to update [the documentation|http://datastax.github.io/python-driver/installation.html] as it clearly states 2.6.x at the moment.
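
    Review bot: with `err = 0` hard-coded right after `self.socket.connect(address)`, the `if err in (EINPROGRESS, EALREADY, EWOULDBLOCK)` check that follows can never be true, so the "Timed out connecting to %s" ConnectionException is no longer raised from this path. connect() reports failure by raising rather than by returning an errno, so catch the socket error or timeout around the call and raise ConnectionException from that handler, then drop the `err` variable and the dead branch. The description says the same connect_ex() replacement is needed for all connections, so the other connection classes should get the identical handling rather than a copy of the `err = 0` placeholder.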

    DataStax JIRA | 2 years ago | Stefania Alborghetti
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
  3. 0

    NotSslRecordException when closing browser tab

    GitHub | 1 month ago | oliverhausler
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 9880f5a41349d44e298884b76d2f528fafbe88d7334b506a73827e175cfded263cac14a0c80959619d226a40883757c403
  5. 0

    Ratpack can't handle proxy authentication over SSL

    GitHub | 9 months ago | pledbrook
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 434f4e4e45435420617573342e6d6f7a696c6c612e6f72673a34343320485454502f312e310d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031302e31313b2072763a34302e3029204765636b6f2f32303130303130312046697265666f782f34302e300d0a50726f78792d436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a486f73743a20617573342e6d6f7a696c6c612e6f72673a3434330d0a0d0a
  6. 0

    Issues in netty 4.0 CR2 when SslHandler is followed by MessageToMessageEncoder

    GitHub | 4 years ago | jentfoo
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 088cb3dcb7dc27

    Root Cause Analysis

    1. io.netty.handler.ssl.NotSslRecordException

      not an SSL/TLS record: 030000000500000000

      at io.netty.handler.ssl.SslHandler.decode()
    2. Netty
      DefaultThreadFactory$DefaultRunnableDecorator.run
      1. io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      2. io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      3. io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      4. io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      5. io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      6. io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      7. io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      8. io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      9. io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      10. io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      11. io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)[netty-all-4.0.23.Final.jar:4.0.23.Final]
      11 frames
    3. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:745)[na:1.8.0_45]
      1 frame
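
Added example (not part of the Samebug page or the DataStax ticket): the hex that follows "not an SSL/TLS record:" is the first bytes the peer sent, so decoding it shows what arrived in place of a TLS record. The function name, the TLS and HTTP samples, and the restriction to CQL native protocol v3/v4 framing are assumptions made for this sketch.

```python
import binascii

# TLS record content types: change_cipher_spec, alert, handshake, application_data.
TLS_CONTENT_TYPES = {20, 21, 22, 23}
# CQL native protocol opcodes a client can send as its first request.
CQL_REQUEST_OPCODES = {0x01: "STARTUP", 0x05: "OPTIONS", 0x07: "QUERY"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"CONNECT ", b"OPTIONS ")


def classify_rejected_record(hex_dump):
    """Guess what a peer sent from the hex in a NotSslRecordException message."""
    data = binascii.unhexlify(hex_dump.strip())
    # A TLS record starts with a content type, major version 3, minor version 0-4.
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls-record"
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    # CQL v3/v4 request header (assumed framing): version, flags,
    # 2-byte stream id, opcode, 4-byte big-endian body length.
    if len(data) >= 9 and data[0] in (3, 4) and data[4] in CQL_REQUEST_OPCODES:
        body_len = int.from_bytes(data[5:9], "big")
        # The dump may hold only part of the body, never more than it declares.
        if len(data) - 9 <= body_len:
            return "plaintext-cql-" + CQL_REQUEST_OPCODES[data[4]]
    return "unknown"


def triage(samples):
    """Classify each labelled hex dump; returns {label: verdict}."""
    return {label: classify_rejected_record(dump) for label, dump in samples.items()}


# First and last values are quoted from this page; the other two are constructed.
SAMPLES = {
    "cqlsh --ssl on python 2.6": "030000000500000000",
    "netty 4.0 CR2 report": "088cb3dcb7dc27",
    "constructed TLS ClientHello header": "16030100c801",
    "constructed proxy request": b"CONNECT example.test:443 HTTP/1.1\r\n".hex(),
}

if __name__ == "__main__":
    for label, verdict in triage(SAMPLES).items():
        print("%-36s %s" % (label, verdict))
```

A "plaintext-cql" verdict on a TLS-only port means the client skipped the handshake, which matches the ticket's diagnosis; "unknown" covers data such as mid-stream ciphertext that needs the surrounding context to interpret.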