Unable to enable encryption exception

[robinbraemer]

I'm receiving an exception when trying to connect.

2020-02-09 19:43:38,493 main WARN Disabling terminal, you're running in an unsupported environment.
[19:43:41 INFO]: Booting up Velocity 1.0.5-SNAPSHOT (git-0c7a9957-b190)...
[19:43:43 INFO]: Connections will use epoll channels, native (Linux amd64) compression, Java ciphers
[19:43:43 INFO]: Loading plugins...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/home/minecraft/proxy.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[19:43:46 INFO]: Loaded 2 plugins
[19:43:46 INFO]: Done (7.4s)!
[19:43:46 INFO]: Listening on /0.0.0.0:25565
[19:43:52 ERROR]: Unable to enable encryption
java.util.concurrent.CompletionException: io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 485454502f312e31203430302042616420526571756573740d0a636f6e74656e742d6c656e6774683a20300d0a636f6e6e656374696f6e3a20636c6f73650d0a0d0a
at java.util.concurrent.CompletableFuture.encodeThrowable(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.completeThrowable(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniAccept.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.completeExceptionally(Unknown Source) ~[?:?]
at com.velocitypowered.proxy.network.http.SimpleHttpResponseCollector.exceptionCaught(SimpleHttpResponseCollector.java:49) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:297) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:276) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:268) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireExceptionCaught(CombinedChannelDuplexHandler.java:426) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.ChannelHandlerAdapter.exceptionCaught(ChannelHandlerAdapter.java:92) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.CombinedChannelDuplexHandler$1.fireExceptionCaught(CombinedChannelDuplexHandler.java:147) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.ChannelInboundHandlerAdapter.exceptionCaught(ChannelInboundHandlerAdapter.java:143) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.CombinedChannelDuplexHandler.exceptionCaught(CombinedChannelDuplexHandler.java:233) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:297) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:276) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:268) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.ssl.SslHandler.exceptionCaught(SslHandler.java:1095) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:297) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.notifyHandlerException(AbstractChannelHandlerContext.java:831) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:376) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:424) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:326) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:918) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 485454502f312e31203430302042616420526571756573740d0a636f6e74656e742d6c656e6774683a20300d0a636f6e6e656374696f6e3a20636c6f73650d0a0d0a
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:470) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
... 12 more
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 485454502f312e31203430302042616420526571756573740d0a636f6e74656e742d6c656e6774683a20300d0a636f6e6e656374696f6e3a20636c6f73650d0a0d0a
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1203) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1271) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:500) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:439) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[proxy.jar:1.0.5-SNAPSHOT (git-0c7a9957-b190)]
... 12 more
[19:43:52 INFO]: [initial connection] /127.0.0.1:53612 has disconnected

My config:

# Config version. Do not change this
config-version = "1.0"

# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
bind = "0.0.0.0:25565"

# What should be the MOTD? This gets displayed when the player adds your server to
# their server list. Legacy color codes and JSON are accepted.
motd = "&7Loading..."

# What should we display for the maximum number of players? (Velocity does not support a cap
# on the number of players online.)
show-max-players = 400

# Should we authenticate players with Mojang? By default, this is on.
online-mode = true

# Should we forward IP addresses and other data to backend servers?
# Available options:
# - "none":   No forwarding will be done. All players will appear to be connecting from the
#             proxy and will have offline-mode UUIDs.
# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use this if
#             you run servers using Minecraft 1.12 or lower.
# - "modern": Forward player IPs and UUIDs as part of the login process using Velocity's
#             native forwarding. Only applicable for Minecraft 1.13 or higher.
player-info-forwarding-mode = "legacy"

# If you are using modern IP forwarding, configure an unique secret here.
forwarding-secret = "none"

# Announce whether or not your server supports Forge. If you run a modded server, we
# suggest turning this on.
announce-forge = false

[servers]
# Configure your servers here. Each key represents the server's name, and the value
# represents the IP address of the server to connect to.
lobbies = "lobbies.lobby.svc.cluster.local:25565"
kubes = "kubes.kube.svc.cluster.local:25565"

# In what order we should try servers when a player logs in or is kicked from a server.
try = [
   "lobbies"
]

[forced-hosts]
# Configure your forced hosts here.
# "lobby.example.com" = [
#   "lobby"
# ]

[advanced]
# How large a Minecraft packet has to be before we compress it. Setting this to zero will
# compress all packets, and setting it to -1 will disable compression entirely.
compression-threshold = 256

# How much compression should be done (from 0-9). The default is -1, which uses the
# default level of 6.
compression-level = -1

# How fast (in milliseconds) are clients allowed to connect after the last connection? By
# default, this is three seconds. Disable this by setting this to 0.
login-ratelimit = 3000

# Specify a custom timeout for connection timeouts here. The default is five seconds.
connection-timeout = 5000

# Specify a read timeout for connections here. The default is 30 seconds.
read-timeout = 30000

# Enables compatibility with HAProxy.
proxy-protocol = false

[query]
# Whether to enable responding to GameSpy 4 query responses or not.
enabled = false

# If query is enabled, on what port should the query protocol listen on?
port = 25577

# This is the map name that is reported to the query services.
map = "Velocity"

# Whether plugins should be shown in query response by default or not
show-plugins = false

[metrics]
# Whether metrics will be reported to bStats (https://bstats.org).
# bStats collects some basic information, like how many people use Velocity and their
# player count. We recommend keeping bStats enabled, but if you're not comfortable with
# this, you can turn this setting off. There is no performance penalty associated with
# having metrics enabled, and data sent to bStats can't identify your server.
enabled = false

# A unique, anonymous ID to identify this proxy with.
#id = will be generated each time

log-failure = false

[electronicboy]

https://netty.io/4.0/api/io/netty/handler/ssl/NotSslRecordException.html aka, more an issue with your setup/network vs an issue with velocity?

[robinbraemer]

Probably thx, but why does it even need SSL?

[electronicboy]

it would be kinda sketchy if mojangs authentication service didn't...

[robinbraemer]

Oh, so it is because velocity can't connect to mojang's API?

[electronicboy]

Correct, something is breaking your connection between the proxy and mojangs auth services

[robinbraemer]

Thank you! Fixed it, closing now.

[astei]

I'm late to the party, but I hex-decoded that and it's 'HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\nconnection: close\r\n\r\n' - in order words, a plain-text HTTP response.

Definitely doesn't sound like an SSL record to me!