Failed to create SSL connection with Vertx HTTP client

[gideon caller]

Hi everyone,

I've got a component that runs on an Amazon machine.

This component receives events that include full URLs (with HTTP:// or HTTPS:// before the URL and also URL params etc)

I'm using Vertx HTTP client inside this component to send the actual requests to these URLs.

Since these are full URLs I'm using the client getAbs method

Now, the problem here is that the HTTP client fails when sending requests to HTTPS URLs with the msg: "Failed to create SSL connection"

I looked at these: https://groups.google.com/forum/#!topic/vertx/jbN62yS5dPo and https://groups.google.com/forum/#!topic/vertx/4aSCwnYftvI 

And so I changed my HTTP Client creation to the following code:

HttpClientOptions options = new HttpClientOptions().setSsl(true).setTrustAll(true);
HttpClient client = vertx.createHttpClient(options);
// read all the URLs and send requests with getAbs

However I still receive the same failure when querying HTTPS websites

Another weird thing is that when I ran it locally on my PC with setSsl(true) it worked for HTTPS but on the Amazon machine it does not

I don't think its something with the machine lacking permissions because if I run wget from the machine it works just fine

I read in one of the above links about manually adding 443 port when sending the request but since I'm using getAbs I don't think thats possible (correct me if I'm wrong)

Does someone has any ideas on how to solve this issue?

Thanks in advance

[Alexander Lehmann]

The stack trace in the client may contain some info why the connection failed (e.g. incompatible cipherlist)

[gideon caller]

Hi Alexander, I actually didn't add the full stacktrace

Here it is:

io.vertx.core.http.impl.HttpClientImpl.lambda$null$72(HttpClientImpl.java:763)
io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:680)
io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:603)
io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:563)
io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:424)
io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1122)
io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1117)
io.netty.handler.ssl.SslHandler.decode(SslHandler.java:864)
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318)
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304)
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:846)
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
java.lang.Thread.run(Thread.java:745)

Any ideas on whats the problem?

[Alexander Lehmann]

Ah, there should be cause line in the stacktrace as well (or before the stacktrace), something like this:

exception: Failed to create SSL connection
stacktrace
..
..
..

caused by exception: Handshare error ..
stacktrace
..
..
..

caused by exception: ..
..

usually one of the cause lines should contain a more detailed error than ssl connection failed

then the stacktrace I would guess its a handshake error like incompatible cipher list

[gideon caller]

This is the complete stacktrace I encountered:

javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
 at com.visualdna.nqs.scraping.verticles.CrawlerVerticle.handleHttpException(CrawlerVerticle.java:84)
 at io.vertx.core.http.impl.HttpClientRequestImpl.lambda$exceptionHandler$80(HttpClientRequestImpl.java:262)
 at io.vertx.core.http.impl.HttpClientImpl.lambda$connectionFailed$76(HttpClientImpl.java:840)
 at io.vertx.core.impl.ContextImpl.lambda$wrapTask$18(ContextImpl.java:333)
 at io.vertx.core.impl.ContextImpl.executeFromIO(ContextImpl.java:225)
 at io.vertx.core.http.impl.HttpClientImpl.connectionFailed(HttpClientImpl.java:833)
 at io.vertx.core.http.impl.HttpClientImpl.lambda$null$72(HttpClientImpl.java:765)
 at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:680)
 at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:603)
 at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:563)
 at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:424)
 at io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1122)
 at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1117)
 at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:864)
 at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)
 at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)
 at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318)
 at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304)
 at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:846)
 at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
 at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
 at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
 at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
 at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
 at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
 at java.lang.Thread.run(Thread.java:745)
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: numbers

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860)

... 12 more

after the record: where there's numbers theres just a long list of numbers

I'm using Vertx 3.2.1 and from the only solutions I could find it has something to do with setport on the Httpclient which is not something that is available in my current Vertx version

What can I do about incompatible cipher list? (assuming thats the issue i'm facing)

[Tim Fox]

You are getting:

Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Most probably because the server you are talking to is not talking SSL. If you haven't specified 443 as the port then your client will be using port 80, so this would make sense.

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/5da93f95-bcb2-4ba0-86ba-b228967a9871%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[gideon caller]

Tim, thanks for your reply

I've got 2 questions regarding your suggested solution:

1. I know you can set the port when using the regular get/post methods, but since I need to use the getAbs method, is it also possible to set the port for it (getAbs) as well? If so, how?

2. Is it ok if I'll be using the same HttpClient for both the HTTP and HTTPS requests or should I separate them and use 1 HttpClient for each?

...

[Tim Fox]

On 17/04/16 14:28, gideon caller wrote:

Tim, thanks for your reply

I've got 2 questions regarding your suggested solution:

1. I know you can set the port when using the regular get/post methods, but since I need to use the getAbs method, is it also possible to set the port for it (getAbs) as well? If so, how?

Just specify the port in the URI as you would with any other port number, e.g.:

https://example.com:443/somepath

2. Is it ok if I'll be using the same HttpClient for both the HTTP and HTTPS requests or should I separate them and use 1 HttpClient for each?

HTTPS is configured on the client level (you call setSsl(true) on the client options) so a client cannot be ssl and non ssl at the same time.

--

You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.

To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/48d5cf12-e4f2-40f4-b656-419a74215825%40googlegroups.com.

[gideon caller]

Ok, the solution was to create 2 HTTP clients 1 for HTTP and 1 for HTTPS and pass each 1 the relevant URLs

Adding the port on the host was not good for me because I didn't want to start parsing the URLs

However if I setSsl(true) for the HTTPS client it already knows that it should go to 443 on that URL so thats good

Thanks a lot for the help, I appreciate it