SSLException: HelloRequest followed by an unexpected handshake message

Question

I'm trying to connect to a webservice over SSL using Apache Commons HttpClient 3.1, using this:

String url = "https://archprod.service.eogs.dk/cvronline/esb/LegalUnitGetSSLServicePort";
HttpClient client = new HttpClient();
PostMethod post = new PostMethod(url);
StringRequestEntity entity = new StringRequestEntity(requestXml, "application/soap+xml", "utf-8");
post.setRequestEntity(entity);
client.executeMethod(post);
String response = post.getResponseBodyAsString();

And I get this exception:

javax.net.ssl.SSLException: HelloRequest followed by an unexpected  handshake message
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:188)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloRequest(ClientHandshaker.java:286)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:114)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:525)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:746)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)

A request to the same URL on the same machine, using curl, works fine - and if I change the URL to e.g. https://www.verisign.com, it works fine in Java, too. So it appears to be the specific combination of Java and that host, not a general problem.

Ubuntu 10.04 beta, Sun JDK 1.6.0_19 (same problem in Ubuntu's bundled OpenJDK 6b18~pre4).

Any ideas what's going wrong? Thanks!

Answer 1

Same issue as here, I think: http://forums.sun.com/thread.jspa?threadID=5435426

At least the solution works for this issue, too: add "-Dsun.security.ssl.allowUnsafeRenegotiation=true"

Answer 2

We have a webstart application which fails because of this issue. The command-line version is working again when adding :

java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

But the webstart version seems to ignore this, and until now we haven't foud a way to set this property in the webstart version.

Answer 3

At least the solution works for this issue, too: add "-Dsun.security.ssl.allowUnsafeRenegotiation=true"

Thank you very very very much for that! I was trying to use maven deploy through an SSL connection, using certificates and I had the same exception. Now it is solved. Thanks again!

Answer 4

My question is, does this mean that pre JDK 1.6.0.19, unsafe renegotiation was always allowed? Now with 1.6.0.19 we are forced to allow unsafe renegotiation manually? Thanks for the insight ...