Hi,
we encountered the same problem.
You'll have to use a custom SSLProtocolFactory that will explicitly enable
SSLv3 protocol on the SSLSocket in the createSocket methods with something like
:
sslSocket.setEnabledProtocols(new String[] { "SSLv3" });
Read carefully http://hc.apache.org/httpclient-3.x/sslguide.html
and start with
http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java?view=markup
or
http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
christophe
> -----Message d'origine-----
> De : [email protected] [mailto:[email protected]]
> Envoyé : vendredi 13 février 2009 17:14
> À : [email protected]
> Objet : Fwd: Httpclient sslv3 & bad_record_mac error
>
> I am trying to get httpClient work for sslv3 connection currently we
> are
> connecting to sslv2 and it works but connecting to sslv3 does not work.
>
> The problem is very similar to the one describe in the following link
>
> http://www.mailinglistarchive.com/httpclient-
> [email protected]/msg00380.html
>
> this is the following error I get
>
> javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
>
>
> import org.apache.commons.httpclient.HttpClient;
> import org.apache.commons.httpclient.Header;
> import org.apache.commons.httpclient.methods.GetMethod;
> import org.apache.commons.httpclient.protocol.Protocol;
> import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
> import org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory;
>
>
> public class SSLv3Test {
>
> final static String SSL_TEST_URL = "https://localhost/index.html";;
>
> public static void main(String[] args) throws Exception {
>
>
> GetMethod method = new GetMethod(SSL_TEST_URL);
> HttpClient http = new HttpClient();
>
> long t0 = System.currentTimeMillis();
> int status = http.executeMethod(method); // This is the line i get a
> the
> error
> }
> }
>
>
> Any help on this topic is greatly appreciated.
> Thanks,
> PM
Ce message et les pièces jointes sont confidentiels et réservés à l'usage
exclusif de ses destinataires. Il peut également être protégé par le secret
professionnel. Si vous recevez ce message par erreur, merci d'en avertir
immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant
être assurée sur Internet, la responsabilité du groupe Atos Origin ne pourra
être recherchée quant au contenu de ce message. Bien que les meilleurs efforts
soient faits pour maintenir cette transmission exempte de tout virus,
l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne
saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for
the addressee; it may also be privileged. If you receive this e-mail in error,
please notify the sender immediately and destroy it. As its integrity cannot be
secured on the Internet, the Atos Origin group liability cannot be triggered
for the message content. Although the sender endeavours to maintain a computer
virus-free network, the sender does not warrant that this transmission is
virus-free and will not be liable for any damages resulting from any virus
transmitted.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
