Unable to access MapR Control System (MCS) due to SSL Protocol Error

Document created by jbubier Employee on Feb 7, 2016
Version 1Show Document
  • View in full screen mode

Author: Jonathan Bubier

 

Original Publication Date: December 8, 2014

 

Due to recent releases of the major browsers such as Google Chrome, FireFox, Safari and Internet Explorer you may be unable to access the MapR Control System. This issue affects MapR versions v3.1, 3.1.1, v4.0 and v4.0.1.  When attempting to access the URL of the MCS the browser will display an error similar to the following:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. 
Error code: ERR_SSL_PROTOCOL_ERROR

In /opt/mapr/logs/adminuiapp.log on the webserver node there will be errors similar to the following:

 

2014-11-19 13:52:56,900 WARN org.mortbay.log [779503941@qtp-267200496-9]: EXCEPTION

javax.net.ssl.SSLHandshakeException: no cipher suites in common

  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)

  at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894)

  at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)

  at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)

  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

  at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

  at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)

  at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

This behavior is caused by changes in recent versions of Chrome, Safari, Firefox and IE, specifically to drop support for certain ciphers used to encrypt web certificates.  As a result the MCS is not accessible using any of these browsers.  More detail regarding this issue including the necessary to resolve it are on MapR's documentation site at the following link: http://doc.mapr.com/display/RelNotes/MapR+Control+System+Certificate+Issue. It is important to determine whether MapR's security is in use on your cluster to properly apply the fix for this issue.

 

If you are still seeing issues with accessing the MCS after following the steps at the above link please gather a support-dump from the problematic webserver node in your cluster and contact MapR Support by using the Support Portal.

Attachments

    Outcomes