Getting 400 Bad Request Response Code with Error "The plain HTTP request was sent to HTTPS port"

Google Cloud Apigee
1

We are getting the 400 Bad Request response code with the following error message:

<html>
<head>
<title>400 The plain HTTP request was sent to HTTPS port</title>
</head>
<body bgcolor="white">
<center>
<h1>400 Bad Request</h1>
</center>
<center>The plain HTTP request was sent to HTTPS port</center>
</body>
</html>

We did check the target server settings used in the API Proxy is configured for secure connection with HTTPS port # 443 as follows:

{
"host": "mytarget.domain.com",
"isEnabled": true,
"name": "mytarget",
"port": 443,
"sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": false,
    "protocols": []
  }
}

Here’s the Target Endpoint configuration:

<HTTPTargetConnection>
<LoadBalancer>
<MaxFailures>0</MaxFailures>
<RetryEnabled>true</RetryEnabled>
<Server name="mytarget">
<IsEnabled>true</IsEnabled>
<IsFallback>false</IsFallback>
<Weight>1</Weight>
</Server>
</LoadBalancer>
<Properties/>
</HTTPTargetConnection>

Can you please check why are we getting this error ?

2

  1. Gathered a tcpdump when the API request was made.

  2. Analysed the tcpdump and confirmed that the target port # was 443.

  3. However, the HTTP request was being sent from the Message Processor to the backend server. I could see the following error in Wireshark:

    [Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.]

  4. Then we realized that initially the target server definition was created without the SSLInfo section as follows:

    { 
"host": "mytarget.domain.com", 
"isEnabled": true, 
"name": "mytarget", 
"port": 443 
}

  5. So it was considered to be a non SSL or HTTP connection.

  6. Later the target server definition was updated with SSLInfo section to make it secure connection.

  7. But this was not update on the the Message Processors (MP).

  8. So MP continued to send HTTP request to HTTPS port 443 and we were getting the error:

    The plain HTTP request was sent to HTTPS port

  9. We restarted both the Message Processors to ensure the latest definition of the target server is picked up.

With this, the issue was resolved.