You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by jw...@urbancode.com on 2006/02/13 23:35:00 UTC
HttpClient & SSL/TLS bad_record_mac error
I am trying to use the HttpClient over ssl with our server and am having
troubles with "bad_record_mac" errors.
Using just sockets (not httpclient) I was able to get the connection to
work by
((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
However, I need to get the HttpClient to work as well. When I attempt to
use HttpClient I get sill get the "bad_record_mac" error. How can make it
only use the SSLv3 connection and not TLS (which i believe is where the
error is coming from)? And this may seem silly, but this is actually a
part of another project that I am using, I would prefer it if this can be
accomplished through setting some system properties/environment variables
and minimizing the amount of custom code.
Exception in thread "main" javax.net.ssl.SSLException: Received fatal
alert: bad_record_mac
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at
org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
at
org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:675)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
at SSLTestClient.testIntranetB(SSLTestClient.java:126)
at SSLTestClient.main(SSLTestClient.java:47)
Any insight that you can offer into this problem would be greatly
appreciated.
Thank you very much for your help,
Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by Michael Mangino <mm...@hotmail.com>.
Jeff,
Is it possible that your version of Java is missing Java Secure Socket
Extension (JSSE)? It was integrated into Java as of verions 1.4, but it has
to be added separately for versions prior to 1.4. What version of Java are
you using? See the following page for complete info:
http://jakarta.apache.org/commons/httpclient/sslguide.html
--Mike
----- Original Message -----
From: <jw...@urbancode.com>
To: "HttpClient User Discussion" <ht...@jakarta.apache.org>
Sent: Wednesday, February 15, 2006 3:52 PM
Subject: HttpClient & bad_record_mac error
> Hello,
>
> I'm still trying to get httpClient to work with our intranet server over
> an https connection. I can connect and load pages via firefox, curl, and
> seemingly all other methods of retrieving a web page, but when i connect
> with httpClient, i get "javax.net.ssl.SSLException: Received fatal alert:
> bad_record_mac"...
>
> I'll be happy to provide any more info that may help. Any suggestions or
> tips on how to fix this or where the problem may lie would be appreciated.
> (and this does occure w/ httpClient 3.0)
>
> Server version: Apache/2.0.50
> OpenSSL 0.9.7d
>
> ------------------
> HttpClient httpclient = new HttpClient();
>
> String url = "https://" + ourintranetdomain + ":443");
>
> url += "/dir/";
>
> GetMethod httpget = new GetMethod(url);
> try {
> httpclient.executeMethod(httpget);
> System.out.println(httpget.getStatusLine());
> } catch (Exception e){
> e.printStackTrace();
> }finally {
> httpget.releaseConnection();
> }
> --------------------
>
> -Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2006-02-16 at 10:29 -0500, jwa@urbancode.com wrote:
> > On Thu, 2006-02-16 at 09:05 -0500, jwa@urbancode.com wrote:
> > ...
> >> I had tried that before and the test-code for verisign works fine. I am
> >> using java 1.4.2-02, so most of the known issues don't apply for that
> >> reason, and the last known issue is not the error I am getting.
> >>
> >> The socket-based test code also works for the intranet server when I add
> >> the line:
> >> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
> >
> > Implement a custom SSL socket factory that does that same.
> >
> > Oleg
> >
> >> excpet that it takes 10-15 secs to finally terminate unless I make the
> >> loop condition:
> >> while ((line = in.readLine()) != null && line.length()>0)
> >>
> >> Based upon the setEnabledProtocols line, I tried restricting the Cipher
> >> protocols that the apache server would use in it's conf file by:
> >> SSLProtocol -All +SSLv3
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
> Thank you very much.
>
> From an academic perspective and a practical one too, this really doesn't
> address what is causing the problem. Is it the fault of httpclient or
> some error in the server. Which is still of interest to me.
>
HttpClient does not implement its own SSL/TLS layer. It can simply use a
JSSE provider or any other Java 1.2 compatible SSL library to create
secure sockets. This problem has nothing to do with HttpClient. To find
out the cause of the problem active the SSL debugging and see at which
point the SSL session terminates abnormally. Refer to the documentation
of the SSL library for explanations.
Oleg
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by jw...@urbancode.com.
> On Thu, 2006-02-16 at 09:05 -0500, jwa@urbancode.com wrote:
> ...
>> I had tried that before and the test-code for verisign works fine. I am
>> using java 1.4.2-02, so most of the known issues don't apply for that
>> reason, and the last known issue is not the error I am getting.
>>
>> The socket-based test code also works for the intranet server when I add
>> the line:
>> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
>
> Implement a custom SSL socket factory that does that same.
>
> Oleg
>
>> excpet that it takes 10-15 secs to finally terminate unless I make the
>> loop condition:
>> while ((line = in.readLine()) != null && line.length()>0)
>>
>> Based upon the setEnabledProtocols line, I tried restricting the Cipher
>> protocols that the apache server would use in it's conf file by:
>> SSLProtocol -All +SSLv3
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
Thank you very much.
>From an academic perspective and a practical one too, this really doesn't
address what is causing the problem. Is it the fault of httpclient or
some error in the server. Which is still of interest to me.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2006-02-16 at 09:05 -0500, jwa@urbancode.com wrote:
...
> I had tried that before and the test-code for verisign works fine. I am
> using java 1.4.2-02, so most of the known issues don't apply for that
> reason, and the last known issue is not the error I am getting.
>
> The socket-based test code also works for the intranet server when I add
> the line:
> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
Implement a custom SSL socket factory that does that same.
Oleg
> excpet that it takes 10-15 secs to finally terminate unless I make the
> loop condition:
> while ((line = in.readLine()) != null && line.length()>0)
>
> Based upon the setEnabledProtocols line, I tried restricting the Cipher
> protocols that the apache server would use in it's conf file by:
> SSLProtocol -All +SSLv3
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by jw...@urbancode.com.
> On Wed, 2006-02-15 at 15:52 -0500, jwa@urbancode.com wrote:
>> Hello,
>>
>> I'm still trying to get httpClient to work with our intranet server over
>> an https connection. I can connect and load pages via firefox, curl,
>> and
>> seemingly all other methods of retrieving a web page, but when i connect
>> with httpClient, i get "javax.net.ssl.SSLException: Received fatal
>> alert:
>> bad_record_mac"...
>>
>> I'll be happy to provide any more info that may help. Any suggestions
>> or
>> tips on how to fix this or where the problem may lie would be
>> appreciated.
>> (and this does occure w/ httpClient 3.0)
>>
>> Server version: Apache/2.0.50
>> OpenSSL 0.9.7d
>>
>> ------------------
>> HttpClient httpclient = new HttpClient();
>>
>> String url = "https://" + ourintranetdomain + ":443");
>>
>> url += "/dir/";
>>
>> GetMethod httpget = new GetMethod(url);
>> try {
>> httpclient.executeMethod(httpget);
>> System.out.println(httpget.getStatusLine());
>> } catch (Exception e){
>> e.printStackTrace();
>> }finally {
>> httpget.releaseConnection();
>> }
>> --------------------
>>
>> -Jeff
>
> Jeff,
>
> Please follow the instructions given in the troubleshooting section of
> the SSL guide [1]. You may also want to take a look at the 'Known
> limitations and problems'
>
> [1] http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> Oleg
>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
I had tried that before and the test-code for verisign works fine. I am
using java 1.4.2-02, so most of the known issues don't apply for that
reason, and the last known issue is not the error I am getting.
The socket-based test code also works for the intranet server when I add
the line:
((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
excpet that it takes 10-15 secs to finally terminate unless I make the
loop condition:
while ((line = in.readLine()) != null && line.length()>0)
Based upon the setEnabledProtocols line, I tried restricting the Cipher
protocols that the apache server would use in it's conf file by:
SSLProtocol -All +SSLv3
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & bad_record_mac error
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2006-02-15 at 15:52 -0500, jwa@urbancode.com wrote:
> Hello,
>
> I'm still trying to get httpClient to work with our intranet server over
> an https connection. I can connect and load pages via firefox, curl, and
> seemingly all other methods of retrieving a web page, but when i connect
> with httpClient, i get "javax.net.ssl.SSLException: Received fatal alert:
> bad_record_mac"...
>
> I'll be happy to provide any more info that may help. Any suggestions or
> tips on how to fix this or where the problem may lie would be appreciated.
> (and this does occure w/ httpClient 3.0)
>
> Server version: Apache/2.0.50
> OpenSSL 0.9.7d
>
> ------------------
> HttpClient httpclient = new HttpClient();
>
> String url = "https://" + ourintranetdomain + ":443");
>
> url += "/dir/";
>
> GetMethod httpget = new GetMethod(url);
> try {
> httpclient.executeMethod(httpget);
> System.out.println(httpget.getStatusLine());
> } catch (Exception e){
> e.printStackTrace();
> }finally {
> httpget.releaseConnection();
> }
> --------------------
>
> -Jeff
Jeff,
Please follow the instructions given in the troubleshooting section of
the SSL guide [1]. You may also want to take a look at the 'Known
limitations and problems'
[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
Oleg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
HttpClient & bad_record_mac error
Posted by jw...@urbancode.com.
Hello,
I'm still trying to get httpClient to work with our intranet server over
an https connection. I can connect and load pages via firefox, curl, and
seemingly all other methods of retrieving a web page, but when i connect
with httpClient, i get "javax.net.ssl.SSLException: Received fatal alert:
bad_record_mac"...
I'll be happy to provide any more info that may help. Any suggestions or
tips on how to fix this or where the problem may lie would be appreciated.
(and this does occure w/ httpClient 3.0)
Server version: Apache/2.0.50
OpenSSL 0.9.7d
------------------
HttpClient httpclient = new HttpClient();
String url = "https://" + ourintranetdomain + ":443");
url += "/dir/";
GetMethod httpget = new GetMethod(url);
try {
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine());
} catch (Exception e){
e.printStackTrace();
}finally {
httpget.releaseConnection();
}
--------------------
-Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & SSL/TLS bad_record_mac error
Posted by Oleg Kalnichevski <ol...@apache.org>.
jwa@urbancode.com wrote:
> Sorry, for not mentioning it, and perhaps it doesn't make a difference,
> but I am using HttpClient 2.0 series. If this is the wrong mailing list,
> i appologize, the link on
> http://jakarta.apache.org/commons/httpclient/2.0/mail-lists.html do not
> work.
>
> Doing coding is fine. System properties would have just been simpler.
> Thank you, any more details on how I may fix it (w/ code or otherwise).
>
> -Jeff
>
>
Jeff,
This is the right mailing list. This said, we no longer support
HttpClient 2.0 beyond critical security fixes. The good news is that the
SSL customization works the same way in HttpClient 2.0 and HttpClient
3.0. Follow the instructions of the SSL guide and implement a custom SSL
socket factory with the desired SSL context settings.
Hope this helps,
Oleg
>
>> On Mon, 2006-02-13 at 17:35 -0500, jwa@urbancode.com wrote:
>>
>>> I am trying to use the HttpClient over ssl with our server and am having
>>> troubles with "bad_record_mac" errors.
>>>
>>> Using just sockets (not httpclient) I was able to get the connection to
>>> work by
>>> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
>>>
>>> However, I need to get the HttpClient to work as well. When I attempt
>>> to
>>> use HttpClient I get sill get the "bad_record_mac" error. How can make
>>> it
>>> only use the SSLv3 connection and not TLS (which i believe is where the
>>> error is coming from)? And this may seem silly, but this is actually a
>>> part of another project that I am using, I would prefer it if this can
>>> be
>>> accomplished through setting some system properties/environment
>>> variables
>>> and minimizing the amount of custom code.
>>>
>>>
>> Jeff,
>>
>> HttpClient 3.0 does not make use of any system properties. There is no
>> way around writing _some_ code. For details see the HttpClient SSL guide
>>
>> http://jakarta.apache.org/commons/httpclient/sslguide.html
>>
>> Oleg
>>
>>
>>
>>
>>> Exception in thread "main" javax.net.ssl.SSLException: Received fatal
>>> alert: bad_record_mac
>>> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
>>> at
>>> org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
>>> at
>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
>>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
>>> at
>>> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
>>> at
>>> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
>>> at
>>> org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
>>> at
>>> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
>>> at
>>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:675)
>>> at
>>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>>> at SSLTestClient.testIntranetB(SSLTestClient.java:126)
>>> at SSLTestClient.main(SSLTestClient.java:47)
>>>
>>>
>>> Any insight that you can offer into this problem would be greatly
>>> appreciated.
>>>
>>> Thank you very much for your help,
>>> Jeff
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & SSL/TLS bad_record_mac error
Posted by sebb <se...@gmail.com>.
On 13/02/06, jwa@urbancode.com <jw...@urbancode.com> wrote:
> Sorry, for not mentioning it, and perhaps it doesn't make a difference,
> but I am using HttpClient 2.0 series. If this is the wrong mailing list,
> i appologize, the link on
> http://jakarta.apache.org/commons/httpclient/2.0/mail-lists.html do not
> work.
Fixed - hopefully. The updated page will take a few hours to appear.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & SSL/TLS bad_record_mac error
Posted by jw...@urbancode.com.
Sorry, for not mentioning it, and perhaps it doesn't make a difference,
but I am using HttpClient 2.0 series. If this is the wrong mailing list,
i appologize, the link on
http://jakarta.apache.org/commons/httpclient/2.0/mail-lists.html do not
work.
Doing coding is fine. System properties would have just been simpler.
Thank you, any more details on how I may fix it (w/ code or otherwise).
-Jeff
> On Mon, 2006-02-13 at 17:35 -0500, jwa@urbancode.com wrote:
>> I am trying to use the HttpClient over ssl with our server and am having
>> troubles with "bad_record_mac" errors.
>>
>> Using just sockets (not httpclient) I was able to get the connection to
>> work by
>> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
>>
>> However, I need to get the HttpClient to work as well. When I attempt
>> to
>> use HttpClient I get sill get the "bad_record_mac" error. How can make
>> it
>> only use the SSLv3 connection and not TLS (which i believe is where the
>> error is coming from)? And this may seem silly, but this is actually a
>> part of another project that I am using, I would prefer it if this can
>> be
>> accomplished through setting some system properties/environment
>> variables
>> and minimizing the amount of custom code.
>>
>
> Jeff,
>
> HttpClient 3.0 does not make use of any system properties. There is no
> way around writing _some_ code. For details see the HttpClient SSL guide
>
> http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> Oleg
>
>
>
>> Exception in thread "main" javax.net.ssl.SSLException: Received fatal
>> alert: bad_record_mac
>> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
>> at
>> org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
>> at
>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
>> at
>> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
>> at
>> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
>> at
>> org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
>> at
>> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
>> at
>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:675)
>> at
>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>> at SSLTestClient.testIntranetB(SSLTestClient.java:126)
>> at SSLTestClient.main(SSLTestClient.java:47)
>>
>>
>> Any insight that you can offer into this problem would be greatly
>> appreciated.
>>
>> Thank you very much for your help,
>> Jeff
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: HttpClient & SSL/TLS bad_record_mac error
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2006-02-13 at 17:35 -0500, jwa@urbancode.com wrote:
> I am trying to use the HttpClient over ssl with our server and am having
> troubles with "bad_record_mac" errors.
>
> Using just sockets (not httpclient) I was able to get the connection to
> work by
> ((SSLSocket)ssl).setEnabledProtocols(new String[] {"SSLv3"});
>
> However, I need to get the HttpClient to work as well. When I attempt to
> use HttpClient I get sill get the "bad_record_mac" error. How can make it
> only use the SSLv3 connection and not TLS (which i believe is where the
> error is coming from)? And this may seem silly, but this is actually a
> part of another project that I am using, I would prefer it if this can be
> accomplished through setting some system properties/environment variables
> and minimizing the amount of custom code.
>
Jeff,
HttpClient 3.0 does not make use of any system properties. There is no
way around writing _some_ code. For details see the HttpClient SSL guide
http://jakarta.apache.org/commons/httpclient/sslguide.html
Oleg
> Exception in thread "main" javax.net.ssl.SSLException: Received fatal
> alert: bad_record_mac
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
> at
> org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
> at
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
> at
> org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:675)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
> at SSLTestClient.testIntranetB(SSLTestClient.java:126)
> at SSLTestClient.main(SSLTestClient.java:47)
>
>
> Any insight that you can offer into this problem would be greatly
> appreciated.
>
> Thank you very much for your help,
> Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org