0

when I request something using the http protocol, my code works and I get the expected response. But when I create a version to work with https, I get an SSL error. I already followed the steps in this question, and I don't think I need the key/trustmanagers as described in this question. See the code below. I set the key and trustmanager to null so java will take the default ones. I don't seem to get an error on that step, the error occurs on the line inputStream = connection.getInputStream();. I don't know what else I need to add/set to set up the scure connection?

private String runSecureService(URL url)
{
    HttpsURLConnection connection = null;
    InputStream inputStream = null;
    SSLContext sslContext = null;

    try
    {
        sslContext = SSLContext.getInstance("SSL");
    }
    catch (NoSuchAlgorithmException e)
    {
        //this exception doesn't occur
    }

    try
    {
        sslContext.init(null, null, null);
    }
    catch (KeyManagementException e)
    {
        //this exception doesn't occur
    }

    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

    try
    {
        connection = (HttpsURLConnection) url.openConnection();
        connection.setRequestProperty("Authorization", clientCredentials.getBase64Authentication());

    !-----> inputStream = connection.getInputStream(); <------!
        InputStreamReader responseReader = new InputStreamReader(inputStream);

        //Read, print and return the response.
        ...

        return response;
    }
    catch (IOException e)
    {
        //do stuff...
    }
    finally
    {
        //close connection and inputstream...
    }
}

here's the error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
Community
  • 1
  • 1
user1884155
  • 3,616
  • 4
  • 55
  • 108
  • 1
    What port are you trying to communicate on? Are you sure you are using a SSL port? – DanielBarbarian Feb 13 '14 at 14:13
  • Just to point out that what you're doing with `sslContext.init(null, null, null)` is basically creating an `SSLContext` initialised with the default values, then getting an `SSLSocketSocketFactory` from it and then setting it as the default `SSLSocketFactory` on your `HttpsURLConnection`. It's all a bit pointless to change the default value with default values (unless you'd changed them somewhere else before). – Bruno Feb 13 '14 at 18:54
  • I did not know that, I thought that you always had a specify a sslContext, even if it was a default one. If I'm correctly interpreting what you're saying, I can just drop those lines of code an the result wil be the same? – user1884155 Feb 14 '14 at 08:05

1 Answers1

1

You can get this message if you attempt to make an HTTPS request, but connect to the HTTP port on the remote server.

The chances are that you are either using the wrong port number for HTTPS in your request ... or the server is misconfigured and has an HTTP connection listener on what should be the HTTPS port.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • This is indeed the case. I was malinformed regarding the server port configurations. Thank you for your insight. To clarify for future readers: most servers use :80 for default HTTP request, and :443 for HTTPS request (although both can be configured as desired). Any one port cannot be used for BOTH, it's either secure or not. – user1884155 Feb 13 '14 at 14:48