Why no SSL!? Port is open!

Okay, this has taken me too long to not post, so here it is:

When your firewall is blocking SSL traffic but allowing HTTP traffic, openssl s_client will show this:

my_host:joris [/etc/stores] openssl s_client -host external_host -port 12345
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

To be complete:

Apache Kafka will show this error if you try to connect over SSL while the SSL traffic is blocked:

[2017-01-04 11:27:32,395] DEBUG Node -1 disconnected. (org.apache.kafka.clients.NetworkClient)
[2017-01-04 11:27:32,395] DEBUG Created socket with SO_RCVBUF = 32768, SO_SNDBUF = 124928, SO_TIMEOUT = 0 to node -2 (org.apache.kafka.common.network.Selector)
[2017-01-04 11:27:32,395] DEBUG Completed connection to node -2 (org.apache.kafka.clients.NetworkClient)
[2017-01-04 11:27:32,397] DEBUG Connection with myhost/10.10.10.10 disconnected (org.apache.kafka.common.network.Selector)
java.io.IOException: Connection reset by peer
 at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
 at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
 at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
 at sun.nio.ch.IOUtil.read(IOUtil.java:197)
 at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
 at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:403)
 at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:270)
 at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:62)
 at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:338)
 at org.apache.kafka.common.network.Selector.poll(Selector.java:291)
 at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
 at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:236)
 at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:135)
 at java.lang.Thread.run(Thread.java:745)
[2017-01-04 11:27:32,397] WARN Failed to send SSL Close message (org.apache.kafka.common.network.SslTransportLayer)
java.io.IOException: Broken pipe
 at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
 at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
 at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
 at sun.nio.ch.IOUtil.write(IOUtil.java:65)
 at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
 at org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:195)
 at org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:163)
 at org.apache.kafka.common.utils.Utils.closeAll(Utils.java:690)
 at org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:47)
 at org.apache.kafka.common.network.Selector.close(Selector.java:487)
 at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:368)
 at org.apache.kafka.common.network.Selector.poll(Selector.java:291)
 at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
 at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:236)
 at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:135)
 at java.lang.Thread.run(Thread.java:745)
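
The same distinction as a scripted check (an added example, not part of the original post): `probe()` separates a failed TCP connect from a TLS handshake that is reset after the port accepted the connection, which is the `errno=104` / "Connection reset by peer" case shown above. `start_resetting_listener()` is a constructed local stand-in for the blocking firewall; the function names and result labels are assumptions of this example.

```python
import socket
import ssl
import struct
import threading

def probe(host, port, timeout=3.0):
    """Classify a port: TCP reachability first, then the TLS handshake on top."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-failed"            # closed, filtered or unreachable
    ctx = ssl.create_default_context()
    ctx.check_hostname = False         # reachability test only:
    ctx.verify_mode = ssl.CERT_NONE    # certificate trust is not evaluated here
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls-ok"
    except (ConnectionResetError, BrokenPipeError):
        return "tls-reset"             # ECONNRESET: s_client's write:errno=104
    except socket.timeout:
        return "tls-timeout"           # ClientHello silently dropped
    except ssl.SSLEOFError:
        return "tls-eof"               # peer closed without answering
    except ssl.SSLError:
        return "tls-error"             # peer answered, but not with usable TLS
    except OSError:
        return "tls-failed"
    finally:
        raw.close()                    # no-op if wrap_socket already took the fd

def start_resetting_listener():
    """Constructed simulator: accept TCP, answer the first bytes with an RST."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)                # swallow the ClientHello
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        conn.close()                   # linger 0 sends RST instead of FIN
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", start_resetting_listener()))
```

A result of `tls-reset` or `tls-timeout` on a port where a plain TCP connect succeeds points at something on the path interfering with the handshake rather than at a closed port.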