Recieved close_notify during handshake
795 views
Skip to first unread message
Ronny Bradston
Mar 7, 2016, 12:40:26 PM3/7/16
to Search Guard
Hey guys,
I setup elasticsearch 2.2.0 with searchguard 2.2.0.0-alpha2. Here is the content my elasticsearch.yml file :
network.host: 172.31.61.107
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:
- "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
I started elasticsearch and everything worked fine. In /var/log/elasticsearch/elasticsearch.log , I got this warning :
[2016-03-07 14:00:18,102][WARN ][com.floragunn.searchguard.http.HTTPBasicAuthenticator] Invalid 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
But after a while I got an exception in /var/log/elasticsearch/elasticsearch.log :
[2016-03-07 14:18:18,882][WARN ][com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] [Metal Master] exception caught on transport layer [[id: 0xb3042946, /41.205.22.21:45333 => /172.31.61.107:9300]], closing connection
javax.net.ssl.SSLException: Received close_notify during handshake
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
I don't want to enable searchguard ssl http. How can I solve this issue?
I setup elasticsearch 2.2.0 with searchguard 2.2.0.0-alpha2. Here is the content my elasticsearch.yml file :
network.host: 172.31.61.107
searchguard.enabled: true
security.manager.enabled: false
searchguard.authcz.admin_dn:
- "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: kirk-keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
I started elasticsearch and everything worked fine. In /var/log/elasticsearch/elasticsearch.log , I got this warning :
[2016-03-07 14:00:18,102][WARN ][com.floragunn.searchguard.http.HTTPBasicAuthenticator] Invalid 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
But after a while I got an exception in /var/log/elasticsearch/elasticsearch.log :
[2016-03-07 14:18:18,882][WARN ][com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] [Metal Master] exception caught on transport layer [[id: 0xb3042946, /41.205.22.21:45333 => /172.31.61.107:9300]], closing connection
javax.net.ssl.SSLException: Received close_notify during handshake
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
I don't want to enable searchguard ssl http. How can I solve this issue?
in...@search-guard.com
Mar 26, 2016, 8:11:00 AM3/26/16
to Search Guard
both are just warnings? what is the concrete issue (what did you expect to work but it did not?) and what does your request to elasticsearch looks like?
Reply all
Reply to author
Forward
0 new messages