io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported

[Naftoli Gugenheim]

Hi, can anyone shed some light on this? I’m seeing it in the logs of a Play 2.5.10 app.

2017-02-28 22:10:30,841 [ERROR] from play.core.server.netty.PlayRequestHandler in netty-event-loop-1 - Exception caught in Netty
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1294)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:911)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:611)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:552)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:466)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:438)
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1094)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:966)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:900)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
    ... 15 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:515)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1120)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1005)
    ... 17 common frames omitted

​

[Naftoli Gugenheim]

I should mention the SSL is being handled by Play, I'm not using nginx in front (letting docker get it onto port 80/443).

[Igmar Palsenberg]

Op woensdag 1 maart 2017 05:07:21 UTC+1 schreef nafg:

Hi, can anyone shed some light on this? I’m seeing it in the logs of a Play 2.5.10 app.

Shed a light on what ? The message itself can't be more clear : Some client is negotiating SSLv3, for which out-of-the-box support has been dropped some while ago.

 

Igmar

[Will Sargent]

SSLv3 is disabled in JSSE, as it's an insecure protocol.

https://stackoverflow.com/questions/28236091/how-to-enable-ssl-3-in-java

--

Will Sargent

Engineer, Lightbend, Inc.

will.s...@lightbend.com

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framework+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/3b6dc446-76ac-4cb5-8ec5-a8bf8f59670b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Naftoli Gugenheim]

Ah right, it predates TLS, right?

What client would that be, as far as I know the customer uses it from iPads and computers with Google Chrome...

Maybe it's some bot... any way to find out more about where it's coming from?

On Wed, Mar 1, 2017 at 11:32 AM Will Sargent <will.s...@lightbend.com> wrote:

SSLv3 is disabled in JSSE, as it's an insecure protocol.

https://stackoverflow.com/questions/28236091/how-to-enable-ssl-3-in-java

--

Will Sargent

Engineer, Lightbend, Inc.

will.s...@lightbend.com

On Wed, Mar 1, 2017 at 3:41 AM, Igmar Palsenberg <ig...@palsenberg.com> wrote:

Op woensdag 1 maart 2017 05:07:21 UTC+1 schreef nafg:

Hi, can anyone shed some light on this? I’m seeing it in the logs of a Play 2.5.10 app.

Shed a light on what ? The message itself can't be more clear : Some client is negotiating SSLv3, for which out-of-the-box support has been dropped some while ago.

 

Igmar

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.

To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/3b6dc446-76ac-4cb5-8ec5-a8bf8f59670b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.

To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/CAJmgB627uQCjtfK653qtwX4zhM5GYuZbRw%2BYsfrv6brT9ocKyg%40mail.gmail.com.