[
https://issues.apache.org/jira/browse/HTTPCLIENT-1234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461449#comment-13461449
]
Oleg Kalnichevski commented on HTTPCLIENT-1234:
-----------------------------------------------
I think I found a difference in the way two JRE versions do the opening
sequence of the SSL handshake. For some reason I appears that JRE 1.6.0 falls
back onto SSLv2 protocol version in the middle of the opening sequence which
prompts the server to reject the connection. I do not think this problem has
anything to do with HttpClient.
JRE 1.7.0.01
---
*** ClientHello, TLSv1
...
[write] MD5 and SHA1 hashes: len = 149
...
main, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
...
[Raw read]: length = 5
0000: 16 03 01 00 51 ....Q
[Raw read]: length = 81
...
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie: GMT: 1348410688 bytes = { 210, 137, 120, 151, 141, 204, 17, 181,
25, 243, 201, 26, 184, 125, 141, 72, 59, 152, 57, 122, 107, 8, 163, 173, 203,
82, 49, 135 }
Session ID: {206, 47, 136, 138, 182, 213, 100, 57, 8, 199, 62, 173, 155, 182,
237, 164, 144, 1, 53, 143, 93, 21, 247, 169, 244, 107, 37, 10, 75, 36, 144, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
---
JRE 1.6.0.29
---
*** ClientHello, TLSv1
...
[write] MD5 and SHA1 hashes: len = 75
...
main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes: len = 101
...
main, WRITE: SSLv2 client hello message, length = 101
...
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
---
The 'main, WRITE: SSLv2 client hello message, length = 101' seems to be the
cause of the problem.
Oleg
> HTTPS + SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER leads to
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1234
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1234
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.1
> Reporter: Philippe Mouawad
> Attachments: WebClientDevWrapper.java
>
>
> Hello,
> We got a report of an issue with JMeter:
> http://stackoverflow.com/questions/12538233/javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-when-load-testi
> The reporter has setup a public site with his configuration:
> https://ec2-50-17-85-212.compute-1.amazonaws.com:8443/hello/
> I reproduced issue with JMeter but it seems it comes from HttpClient or it's
> a feature.
> I created a simple test class I attach here not related to JMeter
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
