Hello,
I have a client application attempting to connect to a Jetty 9.4.7 server. It works fine using http but I can't get it working using https (at least with a self-signed certificate).
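
    import com.ning.http.client.AsyncHttpClient;
    import com.ning.http.client.Response;

    AsyncHttpClient client = new AsyncHttpClient(); // version 1.9.18
    // Blocking GET against the local Jetty HTTPS connector
    Response resp = client.prepareGet("https://localhost:8443").execute().get();
    System.out.println(resp.getResponseBody());
    client.close();
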
Using Java 1.8.0_131. Exception stack below.
I've tried...
- using same keystore for both (specifying truststore on client)
- exporting certificate from keystore and creating separate truststore
- specifying ciphers and protocols (using Java system properties and in code)
- trying different system property workarounds found online on both client and server (-Dcom.sun.net.ssl.enableECC=false -Djsse.enableSNIExtension=false)
- many various ways of specifying SSLContext/etc for AsyncHttpClient
(eg. http://people.apache.org/~simonetripodi/ahc/ssl.html)
- enabling Java ssl debug...
New I/O worker #10, READ: TLSv1.2 Alert, length = 2
New I/O worker #10, RECV TLSv1.2 ALERT: fatal, unexpected_message
New I/O worker #10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: unexpected_message
New I/O worker #10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: unexpected_message
New I/O worker #10, called closeOutbound()
New I/O worker #10, closeOutboundInternal()
New I/O worker #10, SEND TLSv1.2 ALERT: warning, description = close_notify
New I/O worker #10, WRITE: TLSv1.2 Alert, length = 2
New I/O worker #10, called closeInbound()
New I/O worker #10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Pretty much nothing I do/try changes the result. I can connect fine to the server using a browser (after accepting the self-signed warning). Any ideas? Thanks.
Exception in thread "main" java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: unexpected_message
at com.ning.http.client.providers.netty.future.NettyResponseFuture.abort(NettyResponseFuture.java:231)
at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:132)
at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37)
at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:101)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395)
at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362)
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1452)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1306)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Received fatal alert: unexpected_message
at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:128)
... 25 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1220)
... 18 more
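
Added example, not part of the original post: a small Python parser for the JSSE `javax.net.debug` alert lines quoted above, reporting which side originated the first fatal alert. The function names and the `origin` field are this example's own, and the sample is a subset of the log lines in the post.

```python
import re

# Subset of the javax.net.debug lines quoted in the post above.
SAMPLE_LOG = """\
New I/O worker #10, READ: TLSv1.2 Alert, length = 2
New I/O worker #10, RECV TLSv1.2 ALERT: fatal, unexpected_message
New I/O worker #10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: unexpected_message
New I/O worker #10, called closeOutbound()
New I/O worker #10, SEND TLSv1.2 ALERT: warning, description = close_notify
New I/O worker #10, called closeInbound()
New I/O worker #10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
"""

# Matches "<thread>, RECV|SEND <protocol> ALERT: <level>, [description = ]<name>".
ALERT_RE = re.compile(
    r"^(?P<thread>.+?), (?P<direction>RECV|SEND) (?P<protocol>\S+) ALERT:\s+"
    r"(?P<level>fatal|warning), (?:description = )?(?P<description>\w+)\s*$"
)


def parse_alerts(log_text):
    """Return one dict per TLS alert line, in log order, with its line number."""
    alerts = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = ALERT_RE.match(line)
        if match:
            alerts.append(dict(match.groupdict(), line=number))
    return alerts


def first_fatal(alerts):
    """Return the first fatal alert, tagged with the side that sent it.

    RECV means the peer sent the alert, SEND means this JVM sent it.
    """
    for alert in alerts:
        if alert["level"] == "fatal":
            origin = "peer" if alert["direction"] == "RECV" else "local"
            return dict(alert, origin=origin)
    return None


if __name__ == "__main__":
    fatal = first_fatal(parse_alerts(SAMPLE_LOG))
    print("first fatal alert: %(description)s from %(origin)s "
          "(%(protocol)s, log line %(line)d)" % fatal)
```

On the quoted log the first fatal alert is a RECV, so it was sent by the server; the later close_notify and "truncation attack?" lines are the client's own teardown after that alert.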