javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Question

How to resolve the above exception while invoking a .net web service (asmx) hosted on SSL ("https:") protocol from java using axis jars.

Receving the following error message while executing the code:

faultDetail: 
 {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
 at com.ibm.jsse2.a.c(a.java:228)
 at com.ibm.jsse2.a.a(a.java:63)
 at com.ibm.jsse2.jc.a(jc.java:465)
 at com.ibm.jsse2.jc.g(jc.java:458)
 at com.ibm.jsse2.jc.a(jc.java:67)
 at com.ibm.jsse2.jc.startHandshake(jc.java:342)
 at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
 at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
 at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
 at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
 at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
 at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
 at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
 at org.apache.axis.client.Call.invoke(Call.java:2767)
 at org.apache.axis.client.Call.invoke(Call.java:2443)
 at org.apache.axis.client.Call.invoke(Call.java:2366)
 at org.apache.axis.client.Call.invoke(Call.java:1812)
 at examples.Example_client.main(Example_client.java:79)

 {http://xml.apache.org/axis/}hostname:D-113020008

Please use the "Edit" link and add 4 leading spaces in front of each line you want to show as code. (there is a button that will do it for you if you select the text first) — 700 Software, Jan 10 '11 at 16:17

score 7 · Answer 1 · answered May 12 '14 at 12:01

7

It is possible that you are using a proxy to get the ssl content, but your proxy setup is wrong. You should consider using http as proxy scheme, and then https as your scheme for the actual content. This solved my problem.

answered May 12 '14 at 12:01

user3628359

71
1
1

score 5 · Answer 2 · answered Jan 10 '11 at 23:41

5

As the error message says, the probability is that the peer is talking plaintext, not SSL.

answered Jan 10 '11 at 23:41

user207421

305,947
44
307
483

we are invoking the webservice via proxy server and we don't have control over proxy to bypass this webservice url – lakshmi K Jan 11 '11 at 06:01
Also we have set the System properties for https.proxyhost, https.proxyPort, https.proxyUser and https.proxyPassword. – lakshmi K Jan 11 '11 at 06:06
@lakshmi: I don't se what difference that makes. You are still using SSL to connect to what is evidently a plaintext service. – user207421 Jan 11 '11 at 09:02
4

Actually I ran into this problem and it _was_ associated with proxy settings. In my case I needed to bypass the proxy settings and just use a direct connection to the service. I was able to do this by setting the hostname of the target system in the `http.nonProxyHosts` HTTP setting, which is the same property to set for non-HTTPS hosts. In Axis it can be done like so: `AxisProperties.setProperty("http.nonProxyHosts", "example.com");` (This is a useful article on [Java networking and proxies](http://docs.oracle.com/javase/6/docs/technotes/guides/net/proxies.html)). – chrisjleu Oct 11 '12 at 14:04
@chrisjleu: Same here, turned out that our test server wasn't whitelisted to be allowed through the proxy without authentication. EJP, since you "don't see what difference proxy settings make", the proxy returns HTML that says you're not allowed through... in plaintext, which leads to the error the OP had. – Amos M. Carpenter Oct 01 '14 at 07:01
My point was that a proxy issue caused this exact same scenario for me, because the service never got through to the secure peer and instead got a plaintext response from the proxy. – Amos M. Carpenter Oct 02 '14 at 00:05
@AmosM.Carpenter There is *always* a plaintext response from the proxy. It is a success or failure response to the plaintext HTTP CONNECT command. The proxy client reads it and then decides what to do next. SSL hasn't been invoked at this point so it wouldn't print this message. I suggest you have a misconfigured or misbehaving system. – user207421 Sep 11 '15 at 12:45
Uhm, that is a) not quite true (transparent proxies) and b) not quite relevant. Again, EJP, my point, and @chrisjleu's, was that it was an issue with the proxy, not with the peer at all. Not going to be drawn into further discussion when facing such a condescending tone ("don't se[sic] what difference that makes", "don't know why you're telling me things I already know", "exactly zero evidence"), sorry. – Amos M. Carpenter Sep 12 '15 at 01:35
I had the same issue. Switching from https to http solved it. The exception message was clear, I don't understand why I wasted so much time trying to find other possible solutions :( – Enrico Giurin Oct 09 '15 at 15:35
@AmosM.Carpenter I said it was an issue with the peer, and if the proxy is the peer, that implies that it is an issue with the proxy. – user207421 Mar 20 '17 at 09:08

score 2 · Answer 3 · answered Feb 08 '12 at 15:09

2

I have gotten this error before when my connection was being blocked by complex firewall rules. If you have in place it might be worth looking at the configuration.

answered Feb 08 '12 at 15:09

Jon

230
2
4

2

Impossible. If your connection was being blocked you wouldn't get any messages at all, let alone an unrecognized message. – user207421 Mar 19 '14 at 03:00

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

3 Answers3

Linked

Related