[jira] [Created] (HTTPCLIENT-2368) IllegalStateException: "TLS already activated" with HttpAsyncClient and HTTPS Proxy

Tue, 06 May 2025 07:07:08 -0700 

Akash created HTTPCLIENT-2368:
---------------------------------

             Summary: IllegalStateException: "TLS already activated" with 
HttpAsyncClient and HTTPS Proxy
                 Key: HTTPCLIENT-2368
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2368
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (async)
    Affects Versions: 5.4
            Reporter: Akash


*Getting error: java.util.concurrent.ExecutionException: 
java.lang.IllegalStateException: TLS already activated*

 

Has anyone encountered this issue or knows how to properly handle double TLS 
handshake with HttpAsyncClient when using an HTTPS proxy?

When HttpAsyncClient is configured to use a proxy, it uses the HTTP CONNECT 
protocol. Here's the flow that leads to this error:

1. The client connects over TLS to the proxy
2. Client issues an HTTP CONNECT request to the proxy
3. Proxy opens a TCP connection to the target URL's host
4. If successful, proxy replies with 200 OK
5. For HTTPS targets, client attempts another TLS handshake with the target host
6. This second TLS handshake fails with IllegalStateException because the 
connection already has a TLS context

Stack Trace:

{{{*}Caused by: java.util.concurrent.ExecutionException: 
java.lang.IllegalStateException: TLS already activated{*}
*at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:84) 
~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:122) 
~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
com.amazon.mons.control.http.client.apache.ApacheHttpClient5AsyncBuffered.execute(ApacheHttpClient5AsyncBuffered.java:103)
 ~[main/:?]*
*... 16 more*
*Caused by: java.lang.IllegalStateException: TLS already activated*
*at 
org.apache.hc.core5.reactor.InternalDataChannel.startTls(InternalDataChannel.java:253)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.nio.DefaultManagedAsyncClientConnection.startTls(DefaultManagedAsyncClientConnection.java:171)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:127)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.nio.DefaultAsyncClientConnectionOperator.upgrade(DefaultAsyncClientConnectionOperator.java:206)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager.upgrade(PoolingAsyncClientConnectionManager.java:505)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.InternalHttpAsyncExecRuntime.upgradeTls(InternalHttpAsyncExecRuntime.java:267)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.AsyncConnectExec.doProceedToNextHop(AsyncConnectExec.java:336)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.AsyncConnectExec.proceedToNextHop(AsyncConnectExec.java:195)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.AsyncConnectExec.access$000(AsyncConnectExec.java:90)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.AsyncConnectExec$4.completed(AsyncConnectExec.java:313)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.client5.http.impl.async.AsyncConnectExec$6.consumeResponse(AsyncConnectExec.java:468)
 ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.ClientHttp1StreamHandler.consumeHeader(ClientHttp1StreamHandler.java:252)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.consumeHeader(ClientHttp1StreamDuplexer.java:348)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.consumeHeader(ClientHttp1StreamDuplexer.java:80)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.AbstractHttp1StreamDuplexer.onInput(AbstractHttp1StreamDuplexer.java:301)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.AbstractHttp1IOEventHandler.inputReady(AbstractHttp1IOEventHandler.java:64)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.http.impl.nio.ClientHttp1IOEventHandler.inputReady(ClientHttp1IOEventHandler.java:41)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.ssl.SSLIOSession.decryptData(SSLIOSession.java:618) 
~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.ssl.SSLIOSession.access$200(SSLIOSession.java:74) 
~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:204)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:143)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:176)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:125)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at 
org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:92)
 ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44) 
~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
*at java.lang.Thread.run(Thread.java:1583) [?:?]*
}}

*Code:*

 

 

 

{{{noformat}}}

{{{}{}}}{*}java{*}
*HttpRoutePlanner planner = (target, context) → {*
{*}HttpHost httpHost = new HttpHost("{*}{*}https",{*} *target.getHostName(),* 
*443 );*
*HttpHost proxy = new HttpHost("https", proxynode, 443);*
*HttpRoute route = new HttpRoute(*
*httpHost,*
*null,*
*proxy,*
*true,*
*RouteInfo.TunnelType.TUNNELLED,*
*RouteInfo.LayerType.LAYERED*
*);*
*return route;*
*};*

*CachingHttpAsyncClients.custom()*
*//...*
*.setRoutePlanner(planner)*
*.build();*

*future = httpAsyncClient.execute(*
*asyncRequestProducer,*
*SimpleResponseConsumer.create(),*
*null,*
*cacheContext,*
*null*
*);*

 

{{{noformat}}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to