3

Getting "SSL peer shut down incorrectly" exception while trying to consume data from Alibaba Cloud's Object Storage Service (OSS) using its Java SDK. We are using Oracle Java 8.x, Hadoop 3.x. We are getting this exception while running it as a Oozie workflow and persit data into HDFS path. How to resolve this?

Gradle Dependency: compile(group:'com.aliyun.oss',name:'aliyun-sdk-oss',version:"2.8.3")

 // Create an OSSClient instance.
    ClientBuilderConfiguration clientConfig = new ClientBuilderConfiguration();
    clientConfig.setProxyHost(PROXY_HOST);
    clientConfig.setProxyPort(PROXY_PORT);
    clientConfig.setProtocol(Protocol.HTTPS);

    OSS ossClient = new OSSClientBuilder().build(ENDPOINT, ACCESS_KEY_ID, ACCESS_KEY_SECRET, clientConfig);
    String fileKey = "4868a87eb2a0f7a06c43";
    OSSObject ossObject = ossClient.getObject(BUCKET_NAME, fileKey);
    InputStream objectContent = ossObject.getObjectContent();

    try (InputStream inputStream = objectContent) {
        copyInputStreamToFile(inputStream, targetFile);
    }

Exception:

Failing Oozie Launcher, Main class [org.apache.oozie.action.hadoop.JavaMain], main() threw exception, javax.net.ssl.SSLException: SSL peer shut down incorrectly
org.apache.oozie.action.hadoop.JavaMainException: javax.net.ssl.SSLException: SSL peer shut down incorrectly
...
Caused by: javax.net.ssl.SSLException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:596)
    at sun.security.ssl.InputRecord.read(InputRecord.java:532)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
    at org.apache.http.impl.io.SessionInputBufferImpl.read(SessionInputBufferImpl.java:200)
    at org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:178)
    at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:137)
    at java.util.zip.CheckedInputStream.read(CheckedInputStream.java:82)
    at java.io.FilterInputStream.read(FilterInputStream.java:133)
    at com.aliyun.oss.event.ProgressInputStream.read(ProgressInputStream.java:116)
    at java.util.zip.CheckedInputStream.read(CheckedInputStream.java:82)
    at java.io.FilterInputStream.read(FilterInputStream.java:107)
    at org.apache.hadoop.io.IOUtils.copyBytes(IOUtils.java:100)
    at org.apache.hadoop.io.IOUtils.copyBytes(IOUtils.java:68)
    at org.apache.hadoop.io.IOUtils.copyBytes(IOUtils.java:129)
Divakar Jona
  • 31
  • 1
  • 2

1 Answers1

2

You got this issue randomly or consistently every time? Your have not provided enough information for people to help you. So far what are the solutions you have tried?

This error message SSL peer shut down incorrectly is a generic message, it could be caused by many reason. I suggest you read through this and try it one by one.

Try to check the remote SSL certificate, verify its validity, most likely the issue is there.

Also you can turn on this -Djavax.net.debug=ssl,handshake, then provide the handshake log, this can help to narrow down the root cause.

Update:

Turn on -Djavax.net.debug=ssl,handshake require you to have some level of understand on the handshake process which might be difficult some time. You can use tools like mitmproxy to inspect the https traffic.

You can also use online TLS checker to check the TLS support.

Sam YC
  • 10,725
  • 19
  • 102
  • 158
  • Thanks for taking time to answer. We tried this option -Djavax.net.debug=ssl,handshake. The log is huge. Is there anything specific in the log that I can share here? Please advise – Vasanth Subramanian Sep 30 '20 at 11:47
  • @VasanthSubramanian probably you can attach the log file in some share drive and share the link here. The log should tell you the certificate information. Anyway, you haven't answer this `You got this issue randomly or consistently every time`? – Sam YC Sep 30 '20 at 14:52
  • @VasanthSubramanian What is the OSS domain you are connecting to? You can use the domain to check the SSL cert details. I updated this in my answer too. – Sam YC Sep 30 '20 at 15:10
  • OSS domain we are connecting to is https://oss-cn-shanghai.aliyuncs.com. We are facing this issue frequently. Due to security reasons, I am unable to share the log file. We suspect the server timeout for a single connection might be one of the reason for our issue. – Vasanth Subramanian Oct 02 '20 at 07:08
  • alright, if it happens intermittently, likely it is network issue. – Sam YC Oct 02 '20 at 07:50