hc-dev mailing list archives

From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1234) HTTPS + SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER leads to javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Date Sun, 23 Sep 2012 16:12:07 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461449#comment-13461449 ]

Oleg Kalnichevski commented on HTTPCLIENT-1234:
-----------------------------------------------

I think I found a difference in the way two JRE versions do the opening sequence of the SSL
handshake. For some reason it appears that JRE 1.6.0 falls back onto SSLv2 protocol version
in the middle of the opening sequence which prompts the server to reject the connection. I
do not think this problem has anything to do with HttpClient.


JRE 1.7.0.01
---
*** ClientHello, TLSv1
...
[write] MD5 and SHA1 hashes:  len = 149
...
main, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
...
[Raw read]: length = 5
0000: 16 03 01 00 51                                     ....Q
[Raw read]: length = 81
...
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie:  GMT: 1348410688 bytes = { 210, 137, 120, 151, 141, 204, 17, 181, 25, 243, 201,
26, 184, 125, 141, 72, 59, 152, 57, 122, 107, 8, 163, 173, 203, 82, 49, 135 }
Session ID:  {206, 47, 136, 138, 182, 213, 100, 57, 8, 199, 62, 173, 155, 182, 237, 164, 144,
1, 53, 143, 93, 21, 247, 169, 244, 107, 37, 10, 75, 36, 144, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
---

JRE 1.6.0.29
---
*** ClientHello, TLSv1
...
[write] MD5 and SHA1 hashes:  len = 75
...
main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes:  len = 101
...
main, WRITE: SSLv2 client hello message, length = 101
...
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
---

The 'main, WRITE: SSLv2 client hello message, length = 101' seems to be the cause of the problem.

Oleg
                
> HTTPS + SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER leads to javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1234
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1234
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.1
>            Reporter: Philippe Mouawad
>         Attachments: WebClientDevWrapper.java
>
>
> Hello,
> We got a report of an issue with JMeter:
> http://stackoverflow.com/questions/12538233/javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-when-load-testi
> The reporter has set up a public site with his configuration:
> https://ec2-50-17-85-212.compute-1.amazonaws.com:8443/hello/
> I reproduced the issue with JMeter but it seems it comes from HttpClient or it's a feature.
> I created a simple test class I attach here not related to JMeter

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
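
Added example, not part of the original message or of HttpClient: a stand-alone JSSE client that removes the `SSLv2Hello` pseudo-protocol from a socket's enabled protocols before handshaking, so the ClientHello is never sent in SSLv2 format. It assumes, as the comment above suggests, that the SSLv2-format hello is what the server rejects; the class name `NoSslV2Hello` and the helper `withoutSslV2Hello` are hypothetical, and the host and port come from the command line.

```java
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class NoSslV2Hello {

    /** Returns the protocol list without SSLv2Hello; fails if nothing is left. */
    static String[] withoutSslV2Hello(String[] protocols) {
        List<String> kept = new ArrayList<String>();
        for (String p : protocols) {
            if (!"SSLv2Hello".equalsIgnoreCase(p)) {
                kept.add(p);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no protocol left after removing SSLv2Hello");
        }
        return kept.toArray(new String[kept.size()]);
    }

    public static void main(String[] args) throws Exception {
        // Unconnected socket from the JRE default context: default trust store,
        // no custom TrustManager and no relaxed verification.
        SSLSocket socket = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket();
        try {
            String[] before = socket.getEnabledProtocols();
            socket.setEnabledProtocols(withoutSslV2Hello(before));
            System.out.println("enabled before: " + Arrays.toString(before));
            System.out.println("enabled after:  "
                    + Arrays.toString(socket.getEnabledProtocols()));

            // Handshake only when a target is given: java NoSslV2Hello <host> <port>
            if (args.length == 2) {
                socket.connect(new InetSocketAddress(args[0], Integer.parseInt(args[1])), 5000);
                socket.startHandshake();
                System.out.println("negotiated: " + socket.getSession().getProtocol()
                        + " / " + socket.getSession().getCipherSuite());
            }
        } finally {
            socket.close();
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl` on each JRE shows whether the `SSLv2 client hello message` write still appears in the trace.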