Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSLException: Unrecognized SSL message, plaintext connection?

6,648 views
Skip to first unread message

sva...@gmail.com

unread,
Feb 14, 2007, 11:55:54 PM2/14/07
to
Hi All

I am getting the following message when run my application

Caused by: javax.net.ssl.SSLException: Unrecognized SSL message,
plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.fill(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)

Let me give a brief overview of my application.
This is a FTPS (NOT SFTP) client connecting to the FTP server on port
990. I am trying to connect to the server download the server
certificate and then load it dynamically in the trustmanager and then
do the normal FTP operations.
The application connects fine for downloading the ceritificate,
logging in and getting the initial working directory details. Thereon
any operation throws me this error.

Any ideas are welcome.

Thanks in advance
SV

sva...@gmail.com

unread,
Feb 15, 2007, 12:18:28 AM2/15/07
to
I have gone thru lot of forums and boards. Lot of guys seems to have
this issue, but I havent seen a single solution. I hope some of you
might point me in the right direction. I have gone thru the java
documentation as well to look for the cause of this exception. But
could not get the right pointer to the solution.

By the way I am using JDK1.4.2

With JDK1.4.0 I get the following error

Caused by: javax.net.ssl.SSLException: Unrecognized SSL handshake.
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)


at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.fill(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)

With IBM JDK1.4 I get the following error

Caused by: javax.net.ssl.SSLHandshakeException: unexpected message
at com.ibm.jsse.bv.a(Unknown Source)
at com.ibm.jsse.a.a(Unknown Source)
at com.ibm.jsse.a.read(Unknown Source)
at sun.nio.cs.StreamDecoder$ConverterSD.implRead(StreamDecoder.java:
325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:223)
at java.io.InputStreamReader.read(InputStreamReader.java:208)
at java.io.BufferedReader.fill(BufferedReader.java:153)
at java.io.BufferedReader.readLine(BufferedReader.java(Compiled
Code))
at java.io.BufferedReader.readLine(BufferedReader.java:379)

Ralf Ullrich

unread,
Feb 15, 2007, 6:12:21 AM2/15/07
to
sva...@gmail.com wrote:

>This is a FTPS (NOT SFTP) client connecting to the FTP server on port
>990. I am trying to connect to the server download the server
>certificate and then load it dynamically in the trustmanager and then
>do the normal FTP operations.
>The application connects fine for downloading the ceritificate,
>logging in and getting the initial working directory details. Thereon
>any operation throws me this error.
>
>Any ideas are welcome.

I think the problem comes from using a SSLSocket directly. As far as I can
see in the FTPS RFCs (RFC 2228 and 4217) securing FTP through TLS works
different from how it works for HTTP (see RFC 2817).

With HTTP client and server exchange a few messages to agree, that they
will continue with TLS, and then the TLS handshake happens directly, i.e.
without any interference from the HTTP protocol.

That's different in FTPS, here all communication stays within in the FTPS
protocol and the TLS handshake is encapsulated within FTPS-ADAT messages
as Base64 encoded data. This is however not supported by the SSLSocket.
Instead, at least AFAIK, you have to provide your own FTPS-aware
implementation of SSLEngine, which in turn uses the wrap/unwrap methods to
exchange the FTPS-ADAT messages, and also implements all the other
abstract methods using the appropriate FTPS messages. I assume it's a lot
of work, so I recommend you try looking for ready-to-use implementation,
you might even consider to buy one, if you cannot find a free one.

HTH

cu

sva...@gmail.com

unread,
Feb 16, 2007, 2:04:48 AM2/16/07
to
Hi

I am successful in the following operations
- connecting to the server
- adding the server certificate to the client trustmanager dynamically
(without user intervention - that is the requirement here)
- logging into the server
- getting the details of the current working directory

But thereon... any other operation fails with the above exception. Is
it something to to do with the SSLSession. Do I have to do something
on the session?

Thanks again

SV

sva...@gmail.com

unread,
Feb 16, 2007, 4:02:40 AM2/16/07
to
To add to the previous post....

After login, I can change/delete/make directory.
But only the list command fails... reading the response from the
server

Thanks
SV


Dames

unread,
Feb 16, 2007, 9:36:32 AM2/16/07
to
It appears the SSL handshake is failing on the data connection but why
this should be I don't know. I assume you are using the old standard of
FTPS which uses implicit SSL on the control and data channels? If not
then maybe you need to set the protection level of the data channel
before performing a command which uses it (get/put/list etc).

You could also try turning on additional SSL tracing to stdout using:

System.setProperty( "javax.net.debug", "ssl");


Regards,

Damian.

sva...@gmail.com

unread,
Feb 18, 2007, 10:56:36 PM2/18/07
to
Absolutely Damien

Handshake is failing over Data Connection.
I am using implicit-SSL for connecting to the server.
I will post the debug details shortly

Thanks for the reply

SV

sva...@gmail.com

unread,
Feb 19, 2007, 1:23:53 AM2/19/07
to
Pl find the debug trace below
The control connection handshake is proper. But the data connection
handshake is messed up. Pl let me know if you see any pointers.

trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1155086860 bytes = { 111, 136, 0, 235, 199, 143,
1, 247, 249, 156, 136, 61, 111, 168, 27, 182, 117, 13, 231, 43, 18,
117, 155, 194, 106, 42, 182, 114 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie: GMT: 1155086492 bytes = { 45, 247, 177, 187, 98, 111,
81, 10, 115, 20, 232, 54, 21, 116, 16, 209, 63, 230, 34, 24, 80, 180,
83, 21, 100, 102, 125, 93 }
Session ID: {69, 217, 57, 156, 51, 36, 133, 233, 75, 40, 3, 92, 174,
21, 202, 200, 220, 92, 39, 69, 85, 64, 233, 171, 12, 50, 70, 162, 26,
119, 159, 105}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
To: Mon Dec 14 00:19:33 GMT+05:30 2009]
Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
SerialNumber: [ 45819cbd]

]
Algorithm: [MD5withRSA]
Signature:
0000: 67 2A 4B 6A C8 98 3D ED 94 C1 30 CE FE 84 38 17 g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED 8B E3 11 55 1B 6C A8 39 .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D 9D A6 5E B0 EC 51 B5 32 ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6 A4 37 E2 0C 36 2D 7A 82 ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26 56 74 88 A1 49 AF F1 9A ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88 27 82 35 71 DD EF F8 4C ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05 3E A2 43 B4 2E CC 85 A5 ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65 30 03 35 0B D2 41 F6
2A ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 110, 126, 187, 22, 78, 149, 225, 0, 137, 65,
172, 116, 122, 6, 57, 225, 70, 2, 26, 255, 170, 0, 207, 46, 198, 190,
76, 55, 64, 158, 127, 52, 227, 157, 115, 59, 161, 156, 221, 228, 123,
204, 174, 17, 200, 13 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 6E 7E BB 16 4E 95 E1 00 89 41 AC 74 7A
06 ..n...N....A.tz.
0010: 39 E1 46 02 1A FF AA 00 CF 2E C6 BE 4C 37 40 9E
9.F.........L7@.
0020: 7F 34 E3 9D 73 3B A1 9C DD E4 7B CC AE 11 C8 0D .
4..s;..........
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0C 6F 88 00 EB C7 8F 01 F7 F9 9C 88 3D
E.:.o..........=
0010: 6F A8 1B B6 75 0D E7 2B 12 75 9B C2 6A 2A B6 72 o...u..
+.u..j*.r
Server Nonce:
0000: 45 D9 39 9C 2D F7 B1 BB 62 6F 51 0A 73 14 E8 36 E.
9.-...boQ.s..6
0010: 15 74 10 D1 3F E6 22 18 50 B4 53 15 64 66 7D
5D .t..?.".P.S.df.]
Master Secret:
0000: BC 6E D8 B9 B4 48 FF 68 77 0C ED 31 01 29 96 BC .n...H.hw..
1.)..
0010: 1A DE C9 E6 09 D0 98 B3 1F AE AC 40 22 FB 32 AA ...........@".
2.
0020: 92 FA 69 5A 9F D6 62 0F 5F 8F 4D 85 FF 56 5F
F8 ..iZ..b._.M..V_.
Client MAC write Secret:
0000: AB D2 17 06 39 01 A8 CF 3A 85 13 11 B7 6F 84 27 ....
9...:....o.'
Server MAC write Secret:
0000: A5 FA 6D 0A DD 4D 7B AC 8A F4 C7 4C 75 38 DD
77 ..m..M.....Lu8.w
Client write key:
0000: 17 7D A4 B9 D6 0A B4 39 2A 54 0A E1 D1 9E 99 4C .......
9*T.....L
Server write key:
0000: 99 09 7A 1B D2 91 EA 5B A6 79 AD 25 E3 EF 50 3A ..z....[.y.
%..P:
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 191, 175, 96, 88, 3, 207, 223, 205, 8, 95, 26, 156 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 25, 77, 240, 210, 123, 172, 186, 59, 206, 95, 247,
206 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
trigger seeding of SecureRandom
done seeding SecureRandom
setSoTimeout(2000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1155086862 bytes = { 183, 59, 145, 120, 72, 186,
6, 217, 240, 60, 97, 121, 168, 36, 35, 20, 16, 15, 130, 102, 69, 175,
98, 239, 51, 72, 232, 130 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie: GMT: 1155086494 bytes = { 108, 44, 160, 233, 211, 242,
86, 241, 156, 22, 118, 242, 46, 253, 63, 244, 148, 9, 75, 97, 73, 49,
41, 150, 27, 22, 34, 123 }
Session ID: {69, 217, 57, 158, 183, 94, 29, 30, 174, 215, 115, 194,
22, 28, 19, 15, 32, 20, 233, 100, 120, 63, 127, 167, 124, 153, 216,
181, 90, 150, 6, 61}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
To: Mon Dec 14 00:19:33 GMT+05:30 2009]
Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
SerialNumber: [ 45819cbd]

]
Algorithm: [MD5withRSA]
Signature:
0000: 67 2A 4B 6A C8 98 3D ED 94 C1 30 CE FE 84 38 17 g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED 8B E3 11 55 1B 6C A8 39 .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D 9D A6 5E B0 EC 51 B5 32 ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6 A4 37 E2 0C 36 2D 7A 82 ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26 56 74 88 A1 49 AF F1 9A ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88 27 82 35 71 DD EF F8 4C ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05 3E A2 43 B4 2E CC 85 A5 ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65 30 03 35 0B D2 41 F6
2A ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 186, 219, 7, 135, 115, 151, 104, 176, 84, 47,
243, 241, 171, 40, 206, 199, 16, 248, 153, 62, 193, 45, 146, 46, 102,
56, 62, 231, 31, 223, 100, 101, 153, 113, 158, 91, 34, 252, 160, 157,
158, 6, 212, 222, 105, 191 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 BA DB 07 87 73 97 68 B0 54 2F F3 F1 AB
28 ......s.h.T/...(
0010: CE C7 10 F8 99 3E C1 2D 92 2E 66 38 3E E7 1F
DF .....>.-..f8>...
0020: 64 65 99 71 9E 5B 22 FC A0 9D 9E 06 D4 DE 69 BF de.q.
[".......i.
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0E B7 3B 91 78 48 BA 06 D9 F0 3C 61 79
E.:..;.xH....<ay
0010: A8 24 23 14 10 0F 82 66 45 AF 62 EF 33 48 E8 82 .$#....fE.b.
3H..
Server Nonce:
0000: 45 D9 39 9E 6C 2C A0 E9 D3 F2 56 F1 9C 16 76 F2 E.
9.l,....V...v.
0010: 2E FD 3F F4 94 09 4B 61 49 31 29 96 1B 16 22
7B ..?...KaI1)...".
Master Secret:
0000: D2 A3 90 F7 EF 57 21 EA 36 8C 87 87 60 45 2F C3 .....W!.
6...`E/.
0010: 2E F9 9D 70 13 D5 46 EB DC C6 73 70 EF 94 EB
59 ...p..F...sp...Y
0020: 8B D1 1E 34 CF E8 CF 48 96 7C 48 39 7F 2A 70 51 ...
4...H..H9.*pQ
Client MAC write Secret:
0000: 87 68 CD F7 CB 37 08 1F 19 B2 82 2C 07 4A 8A 64 .h...
7.....,.J.d
Server MAC write Secret:
0000: 5E 09 3F 78 91 B4 48 C3 69 94 20 24 B8 B6 8D F4 ^.?x..H.i.
$....
Client write key:
0000: 1E 5E 67 09 2C CD ED A9 CD 7E CA F7 95 AC 32 DA .^g.,.........
2.
Server write key:
0000: 21 5B 8B 68 B4 CB EC FC 8B BF BB 3C 69 08 77 75 !
[.h.......<i.wu
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 229, 206, 100, 121, 133, 21, 49, 18, 81, 144, 164,
28 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 214, 92, 134, 169, 255, 74, 248, 219, 138, 172, 158,
198 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
setSoTimeout(2000) called
setSoTimeout(0) called
main, READ: TLSv1 Application Data, length = 61
main, READ: TLSv1 Application Data, length = 71
main, WRITE: TLSv1 Application Data, length = 36
main, READ: TLSv1 Application Data, length = 61
main, WRITE: TLSv1 Application Data, length = 37
main, READ: TLSv1 Application Data, length = 71
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 77
main, READ: TLSv1 Application Data, length = 76
main, READ: TLSv1 Application Data, length = 79
main, READ: TLSv1 Application Data, length = 78
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 44
main, READ: TLSv1 Application Data, length = 89
main, READ: TLSv1 Application Data, length = 63
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 48
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 37
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 35
main, WRITE: TLSv1 Application Data, length = 40
main, READ: TLSv1 Application Data, length = 46
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 69
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1155086872 bytes = { 130, 77, 150, 77, 223, 150,
17, 36, 24, 182, 175, 240, 92, 236, 242, 59, 29, 18, 241, 222, 154,
52, 49, 253, 147, 246, 13, 150 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL
message, plaintext connection?
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)


javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.fill(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)

at xxx.xxx.xxx.ftps.FTPSClientExample.main(FTPSClientExample.java:20)

Dames

unread,
Feb 19, 2007, 8:30:21 AM2/19/07
to
sva...@gmail.com wrote:
> Pl find the debug trace below
> The control connection handshake is proper. But the data connection
> handshake is messed up. Pl let me know if you see any pointers.
>
SNIP
>

The connection is failing very early on. The Client send its ClientHello
and expects to get a ServerHello back. This is not happening which
suggests that the server is using a plain text socket. You could confirm
this by setting up a trace on the connection using something like
Ethereal to view the packets exchanged (the connection will not be
secured at this point so this will not be a problem).

What SFTP server are you using? Is there any way to configure the server
to use secure/non-secure data channels? Have you tried forcing the
securing of the data channel using the FTP commands:

PBSZ 0
PROT P

Regards,

Damian.

sva...@gmail.com

unread,
Feb 19, 2007, 10:29:07 PM2/19/07
to
HI Damien

Thanks very much for the pointer.
I was sending the command much later. I moved it after suucessful
connection and it works fine now.
Thanks a lot again

SV

oswal...@gmail.com

unread,
Jun 19, 2018, 9:06:50 AM6/19/18
to
Hi Could you please share details regarding how did the connection with Server worked as I am facing similar issue . Please see error stack trace


[Raw write]: length = 7
0000: 15 03 03 00 02 02 0A .......
main, called closeSocket()
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:161)
at java.io.BufferedReader.readLine(BufferedReader.java:324)
at java.io.BufferedReader.readLine(BufferedReader.java:389)
at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:294)
at org.apache.commons.net.ftp.FTP._connectAction_(FTP.java:364)
at org.apache.commons.net.ftp.FTPClient._connectAction_(FTPClient.java:540)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:167)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:178)
at com.test.pmp.SftpClient.processDataToFTPSServer(SftpClient.java:102)
at com.test.pmp.SftpClient.main(SftpClient.java:77)
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1553)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:472)
at org.apache.commons.net.ftp.FTPSClient.sendCommand(FTPSClient.java:465)
at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534)
at org.apache.commons.net.ftp.FTP.user(FTP.java:683)
at org.apache.commons.net.ftp.FTPClient.login(FTPClient.java:628)
at com.test.pmp.SftpClient.processDataToFTPSServer(SftpClient.java:136)
at com.test.pmp.SftpClient.main(SftpClient.java:77)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:161)
at java.io.BufferedReader.readLine(BufferedReader.java:324)
at java.io.BufferedReader.readLine(BufferedReader.java:389)
at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:294)
at org.apache.commons.net.ftp.FTP._connectAction_(FTP.java:364)
at org.apache.commons.net.ftp.FTPClient._connectAction_(FTPClient.java:540)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:167)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:178)
at com.test.pmp.SftpClient.processDataToFTPSServer(SftpClient.java:102)
... 1 more
0 new messages