Getting Unsupported or unrecognized SSL message; nested exception is javax.net.ssl.SSLException while calling external API

Question

I am calling an external Rest endpoint in my application. But I am getting the following error:

 The response body does not contain an access token
 org.springframework.web.client.ResourceAccessException: I/O error on POST request for 
 "https://example.com/api/auth": Unsupported or unrecognized SSL message; nested exception is 
  javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

In this context, I found an article as follows:

Unrecognized SSL message, plaintext connection? Exception

But, I did not find this useful, as I am talking to an HTTPS server with port number 443.

Can this happen because of the whitelisting, I mean the HTTPS server endpoint, that I am connecting to, is not whitelisted yet?

what if you `curl -v https://example.com/api/auth` ? – Alexey R. Feb 05 '21 at 17:04 — Alexey R., Feb 05 '21 at 17:04

HeatZync · Answer 1 · 2022-02-07T06:42:08.830

I've also experienced the exception as listed by you, although it was in a different scenario. I see there isn't an answer to the question yet, so I'm sharing my experience of how I fixed it, based on the answer to this question that helped me realise the issue was somehow related to https vs http. This answer might also be useful to someone who's trying to achieve what I tried below.

I experienced this with Apache HttpClient when trying to connect to a secure endpoint whilst routing via a proxy.

I had implemented a custom RoutePlanner by extending DefaultRoutePlanner and implemented the determineProxy method as follows:

@Override
protected HttpHost determineProxy(final HttpHost target, final HttpRequest request, final HttpContext context) {
    return new HttpHost(proxyHost, proxyPort, target.getScheme());
}

The problem was that the target's scheme was https. By dropping the scheme argument the HttpHost will automatically set it to just http.

Here is the working code:

@Override
protected HttpHost determineProxy(final HttpHost target, final HttpRequest request, final HttpContext context) {
    return new HttpHost(proxyHost, proxyPort);
}

In other words, in order to reach the https endpoint I needed to route via the proxy, whose host is just http.

This helped me solve a similar problem with RedHat's Resteasy client. I configured it to use a proxy for HTTPS, but I needed to configure it for HTTP too otherwise I got this same error. — DavidS, Feb 15 '22 at 17:38

Getting Unsupported or unrecognized SSL message; nested exception is javax.net.ssl.SSLException while calling external API

1 Answers1