[ https://issues.apache.org/jira/browse/MESOS-10218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17316105#comment-17316105 ]
prasadkulkarni0711 commented on MESOS-10218: -------------------------------------------- [~apeters] W0406 19:31:36.607918 2077 openssl.cpp:530] Failed SSL connections will be downgraded to a non-SSL socket W0406 19:31:36.608258 2077 process.cpp:1055] Failed SSL connections will be downgraded to a non-SSL socket W0406 19:31:36.648947 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:5050', connect: Failed connect: connection closed W0406 19:31:36.649329 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:5050', connect: Failed connect: connection closed W0406 19:31:48.005637 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:5050', connect: Failed connect: connection closed W0406 19:31:48.005774 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:5050', connect: Failed connect: connection closed W0406 19:32:08.935016 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:08.937510 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:11.991623 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:11.991729 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:12.463171 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:12.463286 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:12.465955 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:12.466050 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:32:12.468428 2117 process.cpp:911] Failed to accept socket: Failed accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown W0406 19:33:16.004748 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:5050', connect: Failed connect: connection closed W0406 19:33:28.013123 2117 process.cpp:1480] Failed to link to 'xx.xx.xx.xx:30980', connect: Failed connect: connection closed I have added the CA cert to the java trust store though, not sure why it still says certificate unknown > Mesos slave fails to connect after enabling ssl > ----------------------------------------------- > > Key: MESOS-10218 > URL: https://issues.apache.org/jira/browse/MESOS-10218 > Project: Mesos > Issue Type: Bug > Components: agent > Affects Versions: 1.9.0 > Reporter: prasadkulkarni0711 > Priority: Major > > Mesos agent fails to connect to the master after setting the following > variables: > LIBPROCESS_SSL_ENABLED=1 > LIBPROCESS_SSL_KEY_FILE=/etc/mesos/conf/ssl/server.key > LIBPROCESS_SSL_CERT_FILE=/etc/mesos/conf/ssl/server.pem > LIBPROCESS_SSL_REQUIRE_CERT=false > LIBPROCESS_SSL_VERIFY_SERVER_CERT=false > LIBPROCESS_SSL_REQUIRE_CLIENT_CERT=false > LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME=openssl > LIBPROCESS_SSL_VERIFY_CERT=false > LIBPROCESS_SSL_CA_DIR=/etc/mesos/conf/ssl > LIBPROCESS_SSL_CA_FILE=/etc/mesos/conf/ssl/ca.pem > LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false > LIBPROCESS_SSL_VERIFY_IPADD=false > #LIBPROCESS_SSL_ENABLE_TLS_V1_2=true > Error in logs: > Failed to accept socket: Failed accept: connection error: error:1407609C:SSL > routines:SSL23_GET_CLIENT_HELLO:http request > Connectivity works after setting: > LIBPROCESS_SSL_SUPPORT_DOWNGRADE=true > But then the sandbox fails to open in the web UI: > Potential reasons: > * The agent is not accessible > * The agent timed out or went offline > With the following error in the logs: > Failed to recv on socket 38 to peer 'unknown': Failed recv, connection error: > Connection reset by peer -- This message was sent by Atlassian Jira (v8.3.4#803005)