Closing inbound before receiving peer's close_notify

dev support
1

Hello,
is it normal to have lots of errors like these in catalina.out?

** BEGIN NESTED EXCEPTION **

javax.net.ssl.SSLException
MESSAGE: closing inbound before receiving peer's close_notify

STACKTRACE:

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(Unknown Source)
	at com.mysql.jdbc.MysqlIO.quit(MysqlIO.java:2239)
	at com.mysql.jdbc.ConnectionImpl.realClose(ConnectionImpl.java:4267)
	at com.mysql.jdbc.ConnectionImpl.close(ConnectionImpl.java:1531)
	at lucee.commons.io.IOUtil.closeEL(IOUtil.java:429)
	at lucee.runtime.db.DatasourceConnectionPool.releaseDatasourceConnection(DatasourceConnectionPool.java:171)
	at lucee.runtime.db.DatasourceManagerImpl.releaseConnection(DatasourceManagerImpl.java:178)
	at lucee.runtime.db.DatasourceManagerImpl.releaseConnection(DatasourceManagerImpl.java:173)
	at lucee.runtime.tag.Query.executeDatasoure(Query.java:1137)
	at lucee.runtime.tag.Query._doEndTag(Query.java:699)
	at lucee.runtime.tag.Query.doEndTag(Query.java:565)
	at schedule.newsletter_cfm$cf.call(/schedule/newsletter.cfm:10)
	at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1019)
	at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:911)
	at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:216)
	at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:42)
	at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2442)
	at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2432)
	at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2403)
	at lucee.runtime.engine.Request.exe(Request.java:44)
	at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1174)
	at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1120)
	at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
	at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Unknown Source)


** END NESTED EXCEPTION **


** BEGIN NESTED EXCEPTION **

javax.net.ssl.SSLException
MESSAGE: closing inbound before receiving peer's close_notify

STACKTRACE:

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(Unknown Source)
	at com.mysql.jdbc.MysqlIO.quit(MysqlIO.java:2239)
	at com.mysql.jdbc.ConnectionImpl.realClose(ConnectionImpl.java:4267)
	at com.mysql.jdbc.ConnectionImpl.close(ConnectionImpl.java:1531)
	at lucee.runtime.db.DatasourceConnectionImpl.close(DatasourceConnectionImpl.java:289)
	at lucee.runtime.db.DCStack.clear(DCStack.java:168)
	at lucee.runtime.db.DCStack.clear(DCStack.java:147)
	at lucee.runtime.db.DatasourceConnectionPool.clear(DatasourceConnectionPool.java:191)
	at lucee.runtime.engine.Controler.control(Controler.java:337)
	at lucee.runtime.engine.Controler.control(Controler.java:243)
	at lucee.runtime.engine.Controler.access$000(Controler.java:58)
	at lucee.runtime.engine.Controler$ControlerThread.run(Controler.java:113)


** END NESTED EXCEPTION **

Version: Lucee 5.3.8.138-SNAPSHOT
Servlet Container: Apache Tomcat/9.0.19
Java: 11.0.8 (AdoptOpenJDK) 64bit
OS: Linux (4.15.0-130-generic) 64bit
MySQL: 5.7.32 
MySQL JDBC: 5.1.40
2

No, I don’t think that is normal. Looks like at least one of your datasources SSL connection to your database is failing. Is that database on the same machine? Does it need to have SSL activated? If not, deactivate it. If SSL is needed, there was a bug in a mysql connector. Check your connectors version and verify if it’s also in your connector. If so, I’d try to update it.

https://bugs.mysql.com/bug.php?id=93590

1 Like
3

hi Andreas,
yes, mysql is on the same server as lucee.

Now I have disabled ssl with adding skip_ssl in mysqld.cnf

now the only error I have left is the following:

Sun Jan 10 12:39:08 CET 2021 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

unfortunately in lucee administrator → datasource there is no useSSL=false option, so I guess the only way to do this is via application.cfc, like so:

this.datasource = {
 database: "mydb"
	// etc
 ,custom: {
   useSSL: false
 }
};

it’s right?

4

I would try seting it like documented in the docs and add the url variable
useSSL=false to the connection string.

1 Like