Error closing inbound of SSL/TLS connection

Hello and apologies if this is the wrong place for this question.

I am having an issue with a (Python) paho-mqtt client connection receiving a [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error from Chariot (and crashing) when the “Stop server” button is clicked (or the service is stopped) on the Chariot broker.
On the Chariot side I see the error:
“Error closing inbound of SSL/TLS connection with ID ######: closing inbound before receiving peer’s close_notify”

Normally, my Python client will “walk” to the next available server if the server it is connected to goes down. This is tested to be working on:

  • Chariot without SSL
  • Mosquitto broker with/without SSL
  • Chariot with SSL *** ONLY if the docker container containing Chariot is restarted, or if access to port 8883 is blocked via firewall ****

There seems to be something in the Chariot shutdown process that is causing this error. Preliminary Googling seems to suggest either a bug in JVM 11, or a mix-up in the order of closing the request and the reader.

Any suggestions?

Tested using:

  • Both Linux and Windows Chariot v2.2.3
  • Python client is using Open SSL 1.1.1q and connected via TLSv1.2

We were able to reproduce this behavior. This is due to the Chariot server forcefully closing the connection with the client on server shutdown and not first attempting a “cleaner” disconnect/closure. The next release of Chariot will have this behavior addressed and the (Python) Paho-MQTT client should experience a cleaner disconnect without errors.
For now, you should be able to catch the TLSV1_ALERT_INTERNAL_ERROR and attempt any logic (like walking to the next server) without having the application crash.

1 Like