Share via

The SSL connection could not be establishedThe SSL connection could not be established

Anh Khoa Nguyen 0 Reputation points
2024-10-07T04:44:29.0933333+00:00

I using .net 6 write log to elastic search, 6 server working ok but 1 server cannot insert log and return error as below.

  • I checked telnet from this server to domain elastic ok
  • I tried access to domain on chrome in this server ok
  • I check SSL certificate this domainn ok
    Please help me resolve this problem

Audit trail of this API call:

  • [1] BadRequest: Node: https:/xxx.xxx.com/ Took: 00:00:00.0168167

OriginalException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

---> System.Security.Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'.

---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.

--- End of inner exception stack trace ---

at System.Net.Security.SslStream.ForceAuthenticationAsyncTIOAdapter

at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

--- End of inner exception stack trace ---

at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)

at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)

at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)

at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)

at Elasticsearch.Net.HttpConnection.RequestAsyncTResponse

Request:

<Request stream not captured or already read to completion by serializer. Set DisableDirectStreaming() on ConnectionSettings to force it to be set on the response.>

Response:

<Response stream not captured or already read to completion by serializer. Set DisableDirectStreaming() on ConnectionSettings to force it to be set on the response.>

Developer technologies .NET Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-10-07T09:52:11.6966667+00:00

    Hi @Anh Khoa Nguyen , Welcome to Microsoft Q&A,

    The error you're encountering indicates that the SSL handshake between your server and the Elasticsearch domain failed due to an unexpected or malformed message, which typically indicates an issue with TLS compatibility or SSL certificate configuration.

    Make sure both the server and Elasticsearch are using compatible TLS versions. By default, .NET Core 3.1 and later (including .NET 6) use TLS 1.2 or 1.3. However, older servers might still attempt to use outdated protocols such as TLS 1.0 or 1.1. To force the use of TLS 1.2/1.3, you can explicitly configure it in your code:

    
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

    Although you mentioned that the SSL certificate is valid, you should ensure that:

    • The full certificate chain, including any intermediate certificates, is correctly installed.
    • The server trusts the root certificate authority (CA) used by Elasticsearch. If the certificate is self-signed or issued by an internal CA, ensure that it is installed in the server's trust store.

    If you suspect the problem is with SSL certificate validation, you can temporarily disable SSL validation to verify this:

    
var connectionSettings = new ConnectionSettings(new Uri("https://xxx.xxx.com")) .ServerCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) => true); 
var elasticClient = new ElasticClient(connectionSettings);

    This should only be used for debugging purposes. If this resolves the issue, then there is an SSL certificate or chain issue.

    Best Regards,

    Jiale

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.