Getting 401 With secure websockets on AWS

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Getting 401 With secure websockets on AWS

Knapp, Michael

Hi,

 

I am getting a 401, unauthorized, with all secure (and non-secure) websocket calls while running on AWS.  I have configured the server properly to use a signed certificate, I have tested and all HTTPS calls are successful.  I also have LDAP working.  Still, the websocket calls are all failing.

 

I have a security group setup, it allows inbound TCP traffic over port 443 from all sources (0.0.0.0/0).  I believe that alone should have been adequate.

 

I set JAVA_OPTS=’-Djavax.net.debug=all’ and watched the standard output.  Every time the websockets attempt to connect, I see these printed to standard out:

 

qtp1622006612-39, called closeInbound()

qtp1622006612-39, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

%% Invalidated:  [Session-50, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

qtp1622006612-39, SEND TLSv1.2 ALERT:  fatal, description = internal_error

qtp1622006612-39, WRITE: TLSv1.2 Alert, length = 2

 

Nothing is written the the log file when these websocket requests fail.

 

Can somebody please tell me why this is still not working?

 

Michael Knapp



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting 401 With secure websockets on AWS

Khalid Huseynov-3
Hi Michael,

Which version of Zeppelin are you using?

On Sat, Apr 22, 2017 at 3:10 AM, Knapp, Michael <[hidden email]> wrote:

Hi,

 

I am getting a 401, unauthorized, with all secure (and non-secure) websocket calls while running on AWS.  I have configured the server properly to use a signed certificate, I have tested and all HTTPS calls are successful.  I also have LDAP working.  Still, the websocket calls are all failing.

 

I have a security group setup, it allows inbound TCP traffic over port 443 from all sources (0.0.0.0/0).  I believe that alone should have been adequate.

 

I set JAVA_OPTS=’-Djavax.net.debug=all’ and watched the standard output.  Every time the websockets attempt to connect, I see these printed to standard out:

 

qtp1622006612-39, called closeInbound()

qtp1622006612-39, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

%% Invalidated:  [Session-50, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

qtp1622006612-39, SEND TLSv1.2 ALERT:  fatal, description = internal_error

qtp1622006612-39, WRITE: TLSv1.2 Alert, length = 2

 

Nothing is written the the log file when these websocket requests fail.

 

Can somebody please tell me why this is still not working?

 

Michael Knapp



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting 401 With secure websockets on AWS

Knapp, Michael

Sorry it took me a while to respond, I got side-tracked.  This is still a major problem for me.

 

I am using Zeppelin 0.7.0, I can try upgrading.

 

Other factors:

·         We are using proxies

·         This is running in docker and kubernetes now, but in the original email it was installed directly on an ec2.

 

 

 

From: Khalid Huseynov <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Thursday, May 4, 2017 at 4:30 AM
To: "[hidden email]" <[hidden email]>
Subject: Re: Getting 401 With secure websockets on AWS

 

Hi Michael,

 

Which version of Zeppelin are you using?

 

On Sat, Apr 22, 2017 at 3:10 AM, Knapp, Michael <[hidden email]> wrote:

Hi,

 

I am getting a 401, unauthorized, with all secure (and non-secure) websocket calls while running on AWS.  I have configured the server properly to use a signed certificate, I have tested and all HTTPS calls are successful.  I also have LDAP working.  Still, the websocket calls are all failing.

 

I have a security group setup, it allows inbound TCP traffic over port 443 from all sources (0.0.0.0/0).  I believe that alone should have been adequate.

 

I set JAVA_OPTS=’-Djavax.net.debug=all’ and watched the standard output.  Every time the websockets attempt to connect, I see these printed to standard out:

 

qtp1622006612-39, called closeInbound()

qtp1622006612-39, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

%% Invalidated:  [Session-50, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

qtp1622006612-39, SEND TLSv1.2 ALERT:  fatal, description = internal_error

qtp1622006612-39, WRITE: TLSv1.2 Alert, length = 2

 

Nothing is written the the log file when these websocket requests fail.

 

Can somebody please tell me why this is still not working?

 

Michael Knapp

 


The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.

 



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.

Loading...