Unable to Establish a Secure Connection

This section describes secure connection issues.

Recent versions of the Safari and Chrome web browsers have removed support for older certificate cipher algorithms, including those used by some versions of MapR. Because of this, users of these newer browser versions may lose the ability to log in to the Control System.

A fix for this issue is available in MapR Versions 4.0.2 and later. Existing clusters can be patched to work around this issue. Information and installation instructions for this patch are found later in this document. For additional fixes that you may also want to apply at this time, see Web Browser Security Issues.

Affected Versions

To determine whether you will be affected, your MapR version must be in the range listed in the MapR section below, and you must be accessing the Control System using a browser version listed in either the Safari or Chrome sections.

  • MapR - Versions 3.1, 3.1.1, 4.0.0, and 4.0.1
  • Safari - Versions 7.0 and higher.
  • Chrome - Versions 39.0 and higher.

Symptoms

Error message for Chrome:

          SSL connection error. Unable to make a secure connection to the server. 
          This maybe a problem with the server, 
          or it may be requiring a client authentication certificate that you don't have. 
          Error code: ERR_SSL_PROTOCOL_ERROR
        
Error message for Safari:

          Safari can't open the page <URL> 
          because Safari can't establish a secure connection to the server <server name>.
        

Patching your Cluster

The steps to implement the fix for a secure cluster (cluster with wire-level security) differ from the steps to implement the fix on a non-secure cluster. However, in both cases, you will use the fixssl script to generate new versions of the ssl_keystore and ssl_truststore.

While you are implementing the fix on a non-secure cluster, the webserver will experience a brief downtime. The impact on a secure cluster will be greater, as more services will need to be restarted for the patch to take effect. You have a secure cluster if you use wire-level security to encrypt data transmission between the nodes in your cluster.