I'm using Scala 2.11 and Dispatch 0.11.3 for sending http requests, Docker version 20.10.21 with Ubuntu 18.04 inside the container. Http requests are working fine when the app is launched without Docker on my local machine.
From inside docker container, http requests seem to work, but not https, and the following exception is being returned:
org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:17030309b9b433d9b492775290d413b0fe9d7303f319c1ee114b5e380e4291e8f003759c431fa0af1f61b28c8669c5977c090b26b8a75644d6687d30a69a61ab2bb557f97c7f99f2cbaee7afb1578adb02e9d545df44f4837928d0b6e6be79ff6bf2827832498b07d927cb105cec5453b0a14b8d99ba860da2469d9f6823d64196d1f7f55ddddaa599bfffb9cdb46ee2fcb19424d3c83c054ea189e65f3f923e1eb68f9965d423ca6bef6e7e7a2059178cb3b198f9be7548170c97bde8ea49b0e61a704b4a952570fbbcca121123bd976ae7e6badf0e0820620837882c1a0e8ac77fc5b1c54066ebb3fe03ca74638263f82d5c5b06f0b5233b32d920d7a0d00b82a3833838690d03f4df4617129b9fd50a89c260e1d8c2189e65fa514478437932637af75631a11c761a6b1ad76a993e885a4d46b0aa4be96d7514943f3cace24df1db765f07830c1acf1fba19c5ef383e94dbd25be1e9abe35c3ca1909b3b96e23961fe0a09be1ec048c80b27fd56af27e856b011dd86cb2e6dbec999a6d1facca02b69e578ff7e8d906477d1873e3b9660871e6c59143b84ff83d7532476c3f40daa64fb20b283337bbb638a17333eae5556f697cf0f5408580c270069a68dd9aa7985bbc392feeb593f86d0674bef22f93964f726ba7229b65c2a239a5b0712dfb1aa2c26b0d4b165ae7f8c6bb8626227654e48dd62593e3b3aa6221f9f7456ee50142f0aaa1b40068f3f2319b2c65c63e5caac7f7679633b182402d39c4460a3bd4722af7c72c71b9bf5840aa731f667228629566e1cff752850df33957d3adc785f0282b24b6e05b03b537ed92e17cd4d501df5c21828c7797e3acc1242a965b101a26f8eef75e1013a8c33450de4063b8dbfa0a33c6aba56de55a65c38cd8a074fbe4048c541413f73ae89c72d42e2b252af9861a1e6de2f27862a8ed2e1a2c5186ff3d789ec0ab9ed2c914c474190a4800117f7d9790559086114e6b93b341c6db61b423e81970883756f1ca45263fe2f91943529d36bc249d18c4ad55bf8f3cae770499cf742dbd4689e7167e530c64a3f1381db1bd5979655b76566b7303cf1693cd93cb5153b759828af01476cef7dac17c6e050277875403b1b87e348a4ed4bdc86b82c01503247f1762eab4255ded8d9113b74af4d55dca42d92ff7552f0ec484189ef970570b0e74deb120157420b15b230af801a19a6c016892315b1c65b20e8fdae9052a29e605369937f575e7d5200b9c262b7ab40d56cf399038609e0e07e13d0962bfaa40b4272b848c5b3cf3ae1ad72d7101d9154c04f7242f7b7c57bda8df26c4983519745328c77ef344d475a290afe8b1b917ba960dee90b2d17b325acdc3b56d348aeeb9e8295bc649d8367ba95f281880807e1d0d7d316efeb52a1910dfcb1312ca6da89a19992f08c0d65606b1a087fbe5dcf1acb2a47b05103a4d406e3c1f863350899c58f80cab6d181b0302c72b8a690f9c6a0e62ea6a1f21fc301bbb65dd42d0a3a7d6b7cbf938a66549dbc3154fc0e87e4e5badba98909978f688de5b5c79d5726c52a202d15d532e1ae0af5be64c57dd5e3765628159af287844abffe115c2bdcdc6ef5b1b21f090df0bf4ea663bca45952c6e2f89f44ac544bf8f220828c26957f94354c49b49a1635aeb739303682f7f0c5149e99cf46460b863a54251154cf878064ad77ca25e69bfc28f12783b536cd2a57ff18d702920ce6b802b82f14c8e3f8c29de60a562c7e06205a280e645b636d89499abfdbec6b48ca2f66d6b20c7e0727ca6f3206339804985d28e6f41693c785d86134e29b161fc39961fbb8bcd6d02e7eafc3cc89e8bdc776074a1d8566597bbdcf9ed6a55953a1809a8a8405035117cd8083d5cb1bae5a5164039b1e209c8a52a83a7d02cf40c014ab50035325e6003f15944320a5bf864cdc9220088ce8314176af40d682b410798080600af9a1bce9798184e231292788efe19e6f3ec69a8c9b4d1e900c9e098fb530d8f08570ddac762f6ff3a8ead3c9ec2f5c88c050252e103b8830e65f392c1e63f4f2e95d082ba8ff8ddfefc58f4db323d3f974a07077a80af1ecf22f60af85b7038fef75c836195f5d88089db25c4dc239ec8464d77ce40cb0fea90f3b388533c0990f2ceda354f89bedf9dfaf339f2937b8a4efceba880cc13669c7ec6b30e16f3678f418302971835720112c5e4060cd383686b7308b5e2645f9d0dd5e6cecdc81b4a0a6e37aa097fd858ffb429d93ae0d4babf9ac0f8505d4e8c4fbc2056148d9f3679b5fcc486f57ed7e65bb812989bffdb8a15db00e5f987e91d95078978a962ea7ac8312616ef7546fc9ab1538b580e1b2de3e7f08bc95f833697d36ec3d2e6bf785c0b64b0be4d069077d338e484576f767988dc8150086a5aa11fcee42b73d11faa06f9290e407b2ffd93f058dc5d511fd4c505bdab199501bdf5be2861a942f9981458eb809b1921e4e9bd4746e4dd7adf1a726bf1159f7ebc7d3d076cb057bca8d7c80fe4e40ef4b1614c9992972aaf7728fc63e346946fe3c695ecee02dffdb1767b3d1b12c58940ff2f3993cb0542479f308d879bc1574bf793401209a4dcc8946a647dbf5616e3930fe0a68d32958a00ba7f1b4e5c36a02976895ce4c34523493ee294f088bf11db7805cf63a6bdd2ee5caabb4d3060f0a0d6e7cde3bb76b3e4f38784d33b2d709c384869358e0a4bafb09ce7db0bb314378629428b828b34a28201f7ee4bdbc8ab0d7f163dda964de1815e1c77dd5179ae2761ac90da553c0f32f711183c47a4434d80f6fdc4147e377d505d73d570058d30715d19ffdacff721b7dad26a0cee286a59d50213a4e0a6aa22a42dcb24d624b71710d876a6a6b1ba8880afa6c238279686a65cf2dbf05f77c136bec9ead01471ef0a4590eb2f6c3fde572a06c2c4f46c6368df45a798feaea67401659061f3e071b30c4b09a259cff5f782dc67587077292971b5c7079810d8761441fd4c2cac94af3b2acc0873d5ff1738e7bfff2a5b41142af40e86b32a5977e6b75df869d5653131226f1de6defa39796bfca143dbd9e2d4f824470b665819918486771524cd37ad48b2c82c5b578c74654bf9330d519694e26b420408ac0dd922601ea067325b7cee54749dc29c4d31cd626882092c86c6301a82b91fffbe793d80e7d86ee36173ebac814c2f46f0d7aa7d501081ccd68d2150fe6f8852ddba179ecdc5a41bb3a3ea3d3e71aa51524c55be17d4fd417d4407b9eb1f4911527b5fc53428cc23f119d51d96c19f5af965c2c5e6cd1966e06595123604a07086077f53c7497a441ee9f62a1dfc9bb8c856374e436b7f761ec5e7c8eba66df5fa9ccd0918493021b6d7eb6f01e7066b76fb4e518bbf6d8562394bbae02e8d497a02367a39fe296e283c2a1accf63262f5115e953a5e183bde1000ed27c58ccf869159176d86e5abdf93aff5fda0f9675de56d2d52355f26ccca972c71b39dd181d2560b5aeb0f7e011c87bdca93d6fa8b2d158a0fceec3
Stacktrace:
org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:858)
org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310)
org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:750)
Until few days ago, requests were working just fine, no any changes or updates to any libs/tools were done. Old containers that were built few days ago also work fine.
I have very little knowledge of SSL. Can anybody advise how to find the reason and where to look further to solve this?
CodePudding user response:
Solved: The problem is in the Dispatch library.
I've created a simple test application with same versions of Scala&Java, and Dockerized it, so I was able to test components isolately. After changing the Dispatch lib to scalaj-http, requests started to work. Indeed I'm curious what made the library stop working with https/ssl.
Updated: The problem was caused by Ubuntu security update 5719-1. Apparantly, OpendJDK uses TLS 1.3 by default which is not supported by Dispatch library. It was decided to stick to the ubuntu version before the update. Now we are planning to update http library to the one that supports TLS 1.3.