javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
search cancel

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

book

Article ID: 115813

calendar_today

Updated On:

Products

CA Application Test CA Continuous Application Insight (PathFinder) Service Virtualization

Issue/Introduction

Getting the message below every minute in the VSE log files - vse.log:
[OldIOPortServer: thread #2] ERROR com.itko.lisa.vse.sio.OldIOSession - An error occurred trying to process a client request.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at com.itko.lisa.vse.sio.OldIOSession.readIntoBuffer(OldIOSession.java:155)
at com.itko.lisa.vse.sio.OldIOSession.run(OldIOSession.java:111)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

Environment

All Supported DevTest releases

Cause

This exception usually happens when an SSL enabled virtual service receives HTTP requests or an HTTP virtual service receives HTTPS requests.

Resolution

Needed to verify if there is a client application trying to access the VSM using the incorrect transport protocol.
Won't be able to see the number of transactions increasing the Portal under Monitor, VSE. These transactions are failing before the VSM is processing them.

To help to troubleshoot it, use Wireshark in the VSE server and configure it to capture traffic while these messages are printed in the VSE log files.
By analyzing the captured traffic, can try to identify which addresses are trying to reach the VSE in which ports.

Can also see these messages when a vulnerability scan is running against the VSE server, however, when that is the case, will also see some other exceptions and it usually is for a specific period of time.