'Connection reset by peer' when connecting from GCP to Astra
Description
I get the following exception when connecting from GCP Dataproc (tried Ubuntu and Debian) to Astra
The following snipet reprorduces the issue:
Environment
Pull Requests
Activity
The cipher is there
We've had reports of other issues that seem related to this. It could be related to the TLS version. Could you try forcing TLS 1.2?
Specifying ‑Djdk.tls.client.protocols="TLSv1.2" doesn’t solve the issue.
I tried connecting to DSE (ssl enabled) from Dataproc node and it worked. Not sure if my manual setup is equivalent to what secure bundle implies. I simply downloaded a certificate from OpsCenter, created a truststore and used it in a spark app.
btw. I asked about server side logs but there is no evidence of a connection. https://datastax.slack.com/archives/CUTBC5AUF/p1594377709273900
The problem only happens with Dataproc, not regular Compute Engine instances. Upon further investigation, the difference is that Dataproc uses the Conscrypt SSL provider by default. It looks like something is not working correctly with Conscrypt, it's hard to tell because we don't have any logs.
Conscrypt can be disabled via a Dataproc cluster property: dataproc:dataproc.conscrypt.provider.enable. This solves the issue.
So this is the recommended workaround for now. In the longer term, it would be a good idea to contact GCP support to find out what the Conscrypt issue is (possibly it relates to SNI), if there are any logs we can enable to debug it, etc.
Closing as "not a problem" since this was an environment issue, not a bug in the driver.
