hc-dev mailing list archives

From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [jira] [Commented] (HTTPCLIENT-1234) HTTPS + SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER leads to javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Date Sun, 23 Sep 2012 16:22:13 GMT
What about the latest Java 7?

Gary

On Sep 23, 2012, at 12:12, "Oleg Kalnichevski (JIRA)" <jira@apache.org> wrote:

>
>    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461449#comment-13461449 ]
>
> Oleg Kalnichevski commented on HTTPCLIENT-1234:
> -----------------------------------------------
>
> I think I found a difference in the way two JRE versions do the opening sequence of the
> SSL handshake. For some reason it appears that JRE 1.6.0 falls back onto SSLv2 protocol version
> in the middle of the opening sequence which prompts the server to reject the connection. I
> do not think this problem has anything to do with HttpClient.
>
>
> JRE 1.7.0.01
> ---
> *** ClientHello, TLSv1
> ...
> [write] MD5 and SHA1 hashes:  len = 149
> ...
> main, WRITE: TLSv1 Handshake, length = 149
> [Raw write]: length = 154
> ...
> [Raw read]: length = 5
> 0000: 16 03 01 00 51                                     ....Q
> [Raw read]: length = 81
> ...
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: 1348410688 bytes = { 210, 137, 120, 151, 141, 204, 17, 181, 25, 243, 201, 26, 184, 125, 141, 72, 59, 152, 57, 122, 107, 8, 163, 173, 203, 82, 49, 135 }
> Session ID:  {206, 47, 136, 138, 182, 213, 100, 57, 8, 199, 62, 173, 155, 182, 237, 164, 144, 1, 53, 143, 93, 21, 247, 169, 244, 107, 37, 10, 75, 36, 144, 127}
> Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
> ** SSL_RSA_WITH_RC4_128_SHA
> ---
>
> JRE 1.6.0.29
> ---
> *** ClientHello, TLSv1
> ...
> [write] MD5 and SHA1 hashes:  len = 75
> ...
> main, WRITE: TLSv1 Handshake, length = 75
> [write] MD5 and SHA1 hashes:  len = 101
> ...
> main, WRITE: SSLv2 client hello message, length = 101
> ...
> main, handling exception: java.net.SocketException: Connection reset
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> ---
>
> The 'main, WRITE: SSLv2 client hello message, length = 101' seems to be the cause of
> the problem.
>
> Oleg
>
>> HTTPS + SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER leads to javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> ------------------------------------------------------------------------------------------------------------------------------
>>
>>                Key: HTTPCLIENT-1234
>>                URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1234
>>            Project: HttpComponents HttpClient
>>         Issue Type: Bug
>>         Components: HttpClient
>>   Affects Versions: 4.2.1
>>           Reporter: Philippe Mouawad
>>        Attachments: WebClientDevWrapper.java
>>
>>
>> Hello,
>> We got a report of an issue with JMeter:
>> http://stackoverflow.com/questions/12538233/javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-when-load-testi
>> The reporter has set up a public site with his configuration:
>> https://ec2-50-17-85-212.compute-1.amazonaws.com:8443/hello/
>> I reproduced the issue with JMeter, but it seems it comes from HttpClient or it's a feature.
>> I created a simple test class, which I attach here, not related to JMeter.
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>


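An added example, not part of the original thread or of HttpClient: assuming the "SSLv2 client hello message" line in the JRE 1.6 trace comes from the JSSE `SSLv2Hello` pseudo-protocol being enabled on the client socket, this sketch removes it before the handshake so the first flight is a plain TLS record. The class name, the helper `withoutSslv2Hello` and the default host are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class NoSslv2Hello {

    /** Returns the given protocol list with the SSLv2Hello pseudo-protocol removed. */
    static String[] withoutSslv2Hello(String[] enabled) {
        List<String> kept = new ArrayList<String>();
        for (String p : enabled) {
            if (!"SSLv2Hello".equals(p)) {
                kept.add(p);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical default target; pass host and port as arguments.
        String host = args.length > 0 ? args[0] : "example.org";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Default factory: certificate chains are validated by the default
        // trust manager. A raw SSLSocket does not check the hostname; that
        // step belongs to the HTTP client's hostname verifier.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            String[] before = socket.getEnabledProtocols();
            socket.setEnabledProtocols(withoutSslv2Hello(before));
            System.out.println("before: " + Arrays.toString(before));
            System.out.println("after:  " + Arrays.toString(socket.getEnabledProtocols()));

            socket.startHandshake();
            System.out.println("negotiated: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } finally {
            socket.close();
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl,handshake` produces a trace in the same format as the ones quoted above, so the `WRITE:` lines of the opening sequence can be compared before and after the change.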
