'Connection reset by peer' when connecting from GCP to Astra

Description

I get the following exception when connecting from GCP Dataproc (tried Ubuntu and Debian) to Astra

The following snipet reprorduces the issue:

Environment

None

Pull Requests

None

Activity

Show:
Jaroslaw Grabowski
July 10, 2020, 11:03 AM

The cipher is there

Olivier Michallat
July 16, 2020, 4:35 PM

We've had reports of other issues that seem related to this. It could be related to the TLS version. Could you try forcing TLS 1.2?

Jaroslaw Grabowski
July 17, 2020, 11:44 AM

Specifying ‑Djdk.tls.client.protocols="TLSv1.2" doesn’t solve the issue.
I tried connecting to DSE (ssl enabled) from Dataproc node and it worked. Not sure if my manual setup is equivalent to what secure bundle implies. I simply downloaded a certificate from OpsCenter, created a truststore and used it in a spark app.

Jaroslaw Grabowski
July 21, 2020, 2:15 PM

btw. I asked about server side logs but there is no evidence of a connection. https://datastax.slack.com/archives/CUTBC5AUF/p1594377709273900

Olivier Michallat
July 29, 2020, 5:05 PM
Edited

The problem only happens with Dataproc, not regular Compute Engine instances. Upon further investigation, the difference is that Dataproc uses the Conscrypt SSL provider by default. It looks like something is not working correctly with Conscrypt, it's hard to tell because we don't have any logs.

Conscrypt can be disabled via a Dataproc cluster property: dataproc:dataproc.conscrypt.provider.enable. This solves the issue.

So this is the recommended workaround for now. In the longer term, it would be a good idea to contact GCP support to find out what the Conscrypt issue is (possibly it relates to SNI), if there are any logs we can enable to debug it, etc.

Closing as "not a problem" since this was an environment issue, not a bug in the driver.

Not a Problem

Assignee

Unassigned

Reporter

Jaroslaw Grabowski

Labels

PM Priority

None

Reproduced in

None

Affects versions

Fix versions

None

Pull Request

None

Doc Impact

None

Size

None

External issue ID

None

External issue ID

None

Priority

Major
Configure