Received fatal alert: unexpected_message

1,031 views
Skip to first unread message

seandaw...@gmail.com

unread,
Nov 13, 2017, 5:33:01 PM11/13/17
to asynchttpclient

Hello,

I have a client application attempting to connect to a Jetty 9.4.7 server. It works fine using http but I can't get it working using https (at least with a self-signed certificate).

AsyncHttpClient client = new AsyncHttpClient(); // version 1.9.18
Response resp = client.prepareGet("https://localhost:8443").execute().get();
System.out.println(resp.getResponseBody());
client.close();

Using Java 1.8.0_131. Exception stack below.

I've tried...

- using same keystore for both (specifying truststore on client)
- exporting certificate from keystore and creating separate truststore
- specifying ciphers and protocols (using Java system properties and in code)
- trying different system property workarounds found online on both client and server (-Dcom.sun.net.ssl.enableECC=false -Djsse.enableSNIExtension=false)
- many various ways of specifying SSLContext/etc for AsyncHttpClient
     (eg. http://people.apache.org/~simonetripodi/ahc/ssl.html)
- enabling Java ssl debug...
New I/O worker #10, READ: TLSv1.2 Alert, length = 2
New I/O worker #10, RECV TLSv1.2 ALERT:  fatal, unexpected_message
New I/O worker #10, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: unexpected_message
New I/O worker #10, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: unexpected_message
New I/O worker #10, called closeOutbound()
New I/O worker #10, closeOutboundInternal()
New I/O worker #10, SEND TLSv1.2 ALERT:  warning, description = close_notify
New I/O worker #10, WRITE: TLSv1.2 Alert, length = 2
New I/O worker #10, called closeInbound()
New I/O worker #10, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

Pretty much nothing I do/try changes the result. I can connect fine to the server using a browser (after accepting the self-signed warning).  Any ideas? Thanks.


Exception in thread "main" java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: unexpected_message
	at com.ning.http.client.providers.netty.future.NettyResponseFuture.abort(NettyResponseFuture.java:231)
	at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:132)
	at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37)
	at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:101)
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409)
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395)
	at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362)
	at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1452)
	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1306)
	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
	at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
	at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
	at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Received fatal alert: unexpected_message
	at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:128)
	... 25 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
	at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
	at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1220)
	... 18 more

Stéphane LANDELLE

unread,
Nov 13, 2017, 8:01:25 PM11/13/17
to asyncht...@googlegroups.com
Hi,

You're using AHC 1 that has reached end of life one year ago.
Please upgrade to AHC 2.
If the issue still happens, please provide a minimal reproducer.

Regards,

Stéphane Landelle
GatlingCorp CEO


--
You received this message because you are subscribed to the Google Groups "asynchttpclient" group.
To unsubscribe from this group and stop receiving emails from it, send an email to asynchttpclient+unsubscribe@googlegroups.com.
To post to this group, send email to asynchttpclient@googlegroups.com.
Visit this group at https://groups.google.com/group/asynchttpclient.
For more options, visit https://groups.google.com/d/optout.

Sean Dawson

unread,
Nov 14, 2017, 8:30:09 AM11/14/17
to asyncht...@googlegroups.com

That was it! Thank you!!


--
You received this message because you are subscribed to a topic in the Google Groups "asynchttpclient" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/asynchttpclient/lItwvGnVMx4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to asynchttpclient+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages