You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@commons.apache.org by br...@insightbb.com on 2004/11/18 20:13:13 UTC
[HttpClient] SSL problems with Java 1.5
Hi,
Before I get quized on how HttpClient 2.0.2 isn't fully supported by verson 1.5
of Java, I'll let it out that I realize this, but wondered if I could get
around my problem without having to downgrade my JVM. I just noticed today
that one of HttpClient applications is getting an SSL error:
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone
(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider
supporting RSA/ECB/PKCS1Padding
at javax.crypto.Cipher.getInstance(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
When registering the StrictSSLProtocolSocketFactory class as a part of the
https Protocol, I get the following:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain
(Unknown Source)
at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyH
ostname(StrictSSLProtocolSocketFactory.java:216)
at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createS
ocket(StrictSSLProtocolSocketFactory.java:185)
at org.apache.commons.httpclient.HttpConnection.tunnelCreated
(HttpConnection.java:746)
at org.apache.commons.httpclient.ConnectMethod.execute
(ConnectMethod.java:172)
at org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:643)
at org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:497)
I was hoping that would fix the problem, but obviously didn't. Of course,
running under Java v1.4_6, this works fine. I can easily switch to it, but I
was wondering if I could get an idea on how to fix this before I go about doing
so. I'm a novice when it comes to SSL, hence me looking for help through you
guys. Thanks!
-Brant
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HttpClient] SSL problems with Java 1.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
Brant,
We have never tested HttpClient against Sun JRE 1.5. As far as I
understand Sun's implementation of Java 1.5 comes with a completely
revamped SSL support. SSL is a tricky business. No wonder there are
compatibility issues.
Feel free to file a bug report for this problem and I'll look into it as
soon as we are done releasing HttpClient 3.0-beta1
Oleg
On Thu, 2004-11-18 at 19:13 +0000, brant.hahn@insightbb.com wrote:
> Hi,
>
> Before I get quized on how HttpClient 2.0.2 isn't fully supported by verson 1.5
> of Java, I'll let it out that I realize this, but wondered if I could get
> around my problem without having to downgrade my JVM. I just noticed today
> that one of HttpClient applications is getting an SSL error:
>
> javax.net.ssl.SSLKeyException: RSA premaster secret error
> at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone
> (Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting RSA/ECB/PKCS1Padding
> at javax.crypto.Cipher.getInstance(DashoA12275)
> at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
> at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
> at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
>
> When registering the StrictSSLProtocolSocketFactory class as a part of the
> https Protocol, I get the following:
>
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain
> (Unknown Source)
> at
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyH
> ostname(StrictSSLProtocolSocketFactory.java:216)
> at
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createS
> ocket(StrictSSLProtocolSocketFactory.java:185)
> at org.apache.commons.httpclient.HttpConnection.tunnelCreated
> (HttpConnection.java:746)
> at org.apache.commons.httpclient.ConnectMethod.execute
> (ConnectMethod.java:172)
> at org.apache.commons.httpclient.HttpClient.executeMethod
> (HttpClient.java:643)
> at org.apache.commons.httpclient.HttpClient.executeMethod
> (HttpClient.java:497)
>
> I was hoping that would fix the problem, but obviously didn't. Of course,
> running under Java v1.4_6, this works fine. I can easily switch to it, but I
> was wondering if I could get an idea on how to fix this before I go about doing
> so. I'm a novice when it comes to SSL, hence me looking for help through you
> guys. Thanks!
>
> -Brant
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HttpClient] SSL problems with Java 1.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
Christoph,
I ran a few rudimentary tests and found no compatibility problems with
JRE 1.5. HttpClient appears to be fully compatible with JRE 1.5
For details see this bug report
http://issues.apache.org/bugzilla/show_bug.cgi?id=32301
Oleg
On Fri, 2004-11-19 at 09:32 +0100, Christoph Kutzinski wrote:
> Hi,
>
> I didn't realise that there are problems with JDK 1.5 and HttpClient.
> In fact, I'm using HttpClient 2.0 and JDK 1.5 together quite successfully.
> Do you know some place where I can find more information about these
> possible incompatibilities between the two?
>
>
> Thanks
> Christoph
>
> brant.hahn@insightbb.com wrote:
> > Hi,
> >
> > Before I get quized on how HttpClient 2.0.2 isn't fully supported by verson 1.5
> > of Java, I'll let it out that I realize this, but wondered if I could get
> > around my problem without having to downgrade my JVM. I just noticed today
> > that one of HttpClient applications is getting an SSL error:
> >
> > javax.net.ssl.SSLKeyException: RSA premaster secret error
> > at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone
> > (Unknown Source)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> > Source)
> > Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider
> > supporting RSA/ECB/PKCS1Padding
> > at javax.crypto.Cipher.getInstance(DashoA12275)
> > at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
> >
> > When registering the StrictSSLProtocolSocketFactory class as a part of the
> > https Protocol, I get the following:
> >
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain
> > (Unknown Source)
> > at
> > org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyH
> > ostname(StrictSSLProtocolSocketFactory.java:216)
> > at
> > org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createS
> > ocket(StrictSSLProtocolSocketFactory.java:185)
> > at org.apache.commons.httpclient.HttpConnection.tunnelCreated
> > (HttpConnection.java:746)
> > at org.apache.commons.httpclient.ConnectMethod.execute
> > (ConnectMethod.java:172)
> > at org.apache.commons.httpclient.HttpClient.executeMethod
> > (HttpClient.java:643)
> > at org.apache.commons.httpclient.HttpClient.executeMethod
> > (HttpClient.java:497)
> >
> > I was hoping that would fix the problem, but obviously didn't. Of course,
> > running under Java v1.4_6, this works fine. I can easily switch to it, but I
> > was wondering if I could get an idea on how to fix this before I go about doing
> > so. I'm a novice when it comes to SSL, hence me looking for help through you
> > guys. Thanks!
> >
> > -Brant
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: commons-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HttpClient] SSL problems with Java 1.5
Posted by Christoph Kutzinski <ku...@gmx.de>.
Hi,
I didn't realise that there are problems with JDK 1.5 and HttpClient.
In fact, I'm using HttpClient 2.0 and JDK 1.5 together quite successfully.
Do you know some place where I can find more information about these
possible incompatibilities between the two?
Thanks
Christoph
brant.hahn@insightbb.com wrote:
> Hi,
>
> Before I get quized on how HttpClient 2.0.2 isn't fully supported by verson 1.5
> of Java, I'll let it out that I realize this, but wondered if I could get
> around my problem without having to downgrade my JVM. I just noticed today
> that one of HttpClient applications is getting an SSL error:
>
> javax.net.ssl.SSLKeyException: RSA premaster secret error
> at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone
> (Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting RSA/ECB/PKCS1Padding
> at javax.crypto.Cipher.getInstance(DashoA12275)
> at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
> at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
> at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
>
> When registering the StrictSSLProtocolSocketFactory class as a part of the
> https Protocol, I get the following:
>
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain
> (Unknown Source)
> at
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyH
> ostname(StrictSSLProtocolSocketFactory.java:216)
> at
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createS
> ocket(StrictSSLProtocolSocketFactory.java:185)
> at org.apache.commons.httpclient.HttpConnection.tunnelCreated
> (HttpConnection.java:746)
> at org.apache.commons.httpclient.ConnectMethod.execute
> (ConnectMethod.java:172)
> at org.apache.commons.httpclient.HttpClient.executeMethod
> (HttpClient.java:643)
> at org.apache.commons.httpclient.HttpClient.executeMethod
> (HttpClient.java:497)
>
> I was hoping that would fix the problem, but obviously didn't. Of course,
> running under Java v1.4_6, this works fine. I can easily switch to it, but I
> was wondering if I could get an idea on how to fix this before I go about doing
> so. I'm a novice when it comes to SSL, hence me looking for help through you
> guys. Thanks!
>
> -Brant
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org