Unrecognized SSL Message Plaintext Connection

Error Message: “Unrecognized SSL message, plaintext connection?”



The following error message is observed when a user that resides only on an embedded LDAP server logs on to the device. In addition, engine.properties has the following configuration:

internal.ldap.ssl.enabled = true
external.ldap.ssl.enabled = true

ERROR Java: com.initiatesystems.hub.ldap.adapter.connection.LdapConnectionAdapterFactory: javax.naming.CommunicationException: simple bind failed: hub.hostname.com:1389 [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?]

Solving the Issue

Since the Activate Hub System was designed to have an embedded LDAP server, the configuration should be as follows:

embedded.ldap.ssl.enabled = true
external.ldap.ssl.enabled = true

An internal LDAP server is configured only if you have a separate LDAP instance running on the same server as the hub server.

Introduction / Issue:

The message below appears in the VSE log file (vse.log) every minute:

[OldIOPortServer: thread # 2] ERROR com.itko.lisa.vse.sio.OldIOSession - An error occurred when attempting to process a client request.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
    at sun.security.ssl.InputRecord.read(InputRecord.java:527)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at com.itko.lisa.vse.sio.OldIOSession.readIntoBuffer(OldIOSession.java:155)
    at com.itko.lisa.vse.sio.OldIOSession.run(OldIOSession.java:111)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)


We need to check whether a client program is attempting to access the VSM using the wrong transport protocol, that is, sending plaintext to a port that expects SSL.
These transactions will not show up in the transaction count in the Portal under Watch, VSE, because they fail before the VSM processes them.

To help troubleshoot this, we can run Wireshark on the VSE server and configure it to capture traffic while these messages are being written to the VSE log files.
By analysing the captured traffic, we can identify which addresses are trying to reach the VSE and on which ports.
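
The capture triage described above, as an added Python example (not code from the original article or from the product): it classifies the first client payload of each connection to the SSL port and counts the sources that sent plaintext instead of a TLS handshake. The addresses, port 8443 and payload bytes are constructed sample data.

```python
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes a client sent to a TLS listener."""
    if len(payload) < 3:
        return "incomplete"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    if payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls-handshake"
    # SSLv2-format ClientHello: length byte with high bit set, message type 0x01
    if payload[0] & 0x80 and payload[2] == 0x01:
        return "sslv2-hello"
    if payload.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "other-plaintext"


def plaintext_clients(first_payloads):
    """Count (source, port, kind) for connections that did not start with TLS.

    first_payloads: iterable of (src_ip, dst_port, first_client_payload),
    e.g. exported from a Wireshark capture taken on the server.
    """
    hits = Counter()
    for src, port, data in first_payloads:
        kind = classify_first_bytes(data)
        if kind in ("plaintext-http", "other-plaintext"):
            hits[(src, port, kind)] += 1
    return hits


# Constructed sample data: documentation addresses, hypothetical port 8443.
SAMPLE = [
    ("192.0.2.10", 8443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("192.0.2.25", 8443, b"GET /service/status HTTP/1.1\r\nHost: vse\r\n\r\n"),
    ("192.0.2.25", 8443, b"POST /service/order HTTP/1.1\r\n"),
    ("198.51.100.7", 8443, b"<?xml version=\"1.0\"?><ping/>"),
    ("198.51.100.9", 8443, b"\x80\x2e\x01\x03\x01\x00\x15"),
]

if __name__ == "__main__":
    for (src, port, kind), n in plaintext_clients(SAMPLE).most_common():
        print(f"{src} -> port {port}: {n} connection(s), {kind}")
```

A source that repeats at a steady interval points to a misconfigured client or health check; a burst from one address across many ports fits the vulnerability-scan case.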

These messages also appear while a vulnerability scan is running against the VSE server. In that case there are several other exceptions as well, and they usually last only a short time.