Java – Error: 140770FC: SSL routines: SSL23_GET_SERVER_HELLO: unknown protocol


I’m currently trying to test the changes implemented to implement security with Encrypted Shuffle in a Cloudera Hadoop environment.

I have created the certificate and keystore and saved them in the appropriate places.

I’m testing TaskTracker’s HTTPS port 50060.

When I perform a curl operation on that port, I get the following error response.

ubuntu@node2:~$ curl -v -k "https://10.0.10.90:50060"
* About to connect() to 10.0.10.90 port 50060 (#0)
*   Trying 10.0.10.90... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

When I check the OpenSSL client, I get the following response:

ubuntu@node2:~$ openssl s_client -connect 10.0.10.90:50060
CONNECTED(00000003)
139749924464288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I can’t figure out what is causing this issue.

Is there anything I’m missing?

PS: I have updated the ca-certificates.crt file and also saved the server .crt file/mosla under /usr/share/ca-certificates

Solution

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

There doesn’t seem to be an SSL/TLS server listening on 10.0.10.90:50060. There are servers listening, just not SSL/TLS.

When connecting to my gateway over port 80 instead of 443, I can replicate it.

$ openssl s_client -connect 192.168.1.1:80
CONNECTED(00000003)
140735109476828:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

If you use the -debug flag, you will see HTTP in the response that OpenSSL attempts to interpret as SSL/TLS protocol data:

$ openssl s_client -connect 192.168.1.1:80 -debug
CONNECTED(00000003)
write to 0x7fbf58422b90 [0x7fbf58811800] (348 bytes => 348 (0x15C))
0000 - 16 03 01 01 57 01 00 01-53 03 03 64 1d 01 29 f0   .... W... S.. d..).
...
0150 - 03 02 01 02 02 02 03 00-0f 00 01 01               ............
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
140735203164636:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
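The check that the -debug dump does by eye can be scripted. This is an added example, not part of the original answer: it sends a real ClientHello and classifies the first bytes of the reply as a TLS record or plaintext HTTP. The function names (`classify_first_bytes`, `client_hello`, `probe_socket`, `probe`) are hypothetical.

```python
import socket
import ssl

# First byte of the only TLS records a server sends in reply to a ClientHello.
TLS_FIRST_REPLY = {0x15: "alert", 0x16: "handshake"}

def classify_first_bytes(data: bytes) -> str:
    """Say what kind of peer produced the first bytes of a reply."""
    if not data:
        return "closed-without-reply"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"        # the 48 54 54 50 2f 31 2e case
    if len(data) >= 3 and data[0] in TLS_FIRST_REPLY and data[1] == 0x03:
        return "tls-" + TLS_FIRST_REPLY[data[0]]
    return "unknown"

def client_hello() -> bytes:
    """Build a real ClientHello in memory; no handshake is ever completed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # nothing is trusted: only a header is read
    outgoing = ssl.MemoryBIO()
    tls = ctx.wrap_bio(ssl.MemoryBIO(), outgoing)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:       # expected: no server has answered yet
        pass
    return outgoing.read()

def probe_socket(sock: socket.socket, want: int = 7) -> str:
    """Send a ClientHello on a connected socket and classify the reply."""
    sock.sendall(client_hello())
    reply = b""
    try:
        while len(reply) < want:
            chunk = sock.recv(want - len(reply))
            if not chunk:
                break
            reply += chunk
    except (socket.timeout, ConnectionResetError):
        pass
    return classify_first_bytes(reply)

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock)

if __name__ == "__main__":
    # Constructed input: the 7 reply bytes copied from the -debug dump above.
    print(classify_first_bytes(bytes.fromhex("485454502f312e")))
```

A result of `plaintext-http` from `probe(host, port)` means the listener on that port is not configured for SSL/TLS, which is the situation the answer describes.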
