Hi All

I am getting the following message when run my application

Caused by: javax.net.ssl.SSLException: Unrecognized SSL message,
plaintext connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)

Let me give a brief overview of my application.
This is a FTPS (NOT SFTP) client connecting to the FTP server on port
990. I am trying to connect to the server download the server
certificate and then load it dynamically in the trustmanager and then
do the normal FTP operations.
The application connects fine for downloading the ceritificate,
logging in and getting the initial working directory details. Thereon
any operation throws me this error.

Any ideas are welcome.

Thanks in advance
SV

I have gone thru lot of forums and boards. Lot of guys seems to have
this issue, but I havent seen a single solution. I hope some of you
might point me in the right direction. I have gone thru the java
documentation as well to look for the cause of this exception. But
could not get the right pointer to the solution.

By the way I am using JDK1.4.2

With JDK1.4.0 I get the following error

Caused by: javax.net.ssl.SSLException: Unrecognized SSL handshake.
	at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)

With IBM JDK1.4 I get the following error

Caused by: javax.net.ssl.SSLHandshakeException: unexpected message
	at com.ibm.jsse.bv.a(Unknown Source)
	at com.ibm.jsse.a.a(Unknown Source)
	at com.ibm.jsse.a.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$ConverterSD.implRead(StreamDecoder.java:
325)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:223)
	at java.io.InputStreamReader.read(InputStreamReader.java:208)
	at java.io.BufferedReader.fill(BufferedReader.java:153)
	at java.io.BufferedReader.readLine(BufferedReader.java(Compiled
Code))
	at java.io.BufferedReader.readLine(BufferedReader.java:379)

svatti@gmail.com wrote:

>This is a FTPS (NOT SFTP) client connecting to the FTP server on port
>990. I am trying to connect to the server download the server
>certificate and then load it dynamically in the trustmanager and then
>do the normal FTP operations.
>The application connects fine for downloading the ceritificate,
>logging in and getting the initial working directory details. Thereon
>any operation throws me this error.
>
>Any ideas are welcome.

I think the problem comes from using a SSLSocket directly. As far as I can 
see in the FTPS RFCs (RFC 2228 and 4217) securing FTP through TLS works 
different from how it works for HTTP (see RFC 2817).

With HTTP client and server exchange a few messages to agree, that they 
will continue with TLS, and then the TLS handshake happens directly, i.e. 
without any interference from the HTTP protocol.

That's different in FTPS, here all communication stays within in the FTPS 
protocol and the TLS handshake is encapsulated within FTPS-ADAT messages 
as Base64 encoded data. This is however not supported by the SSLSocket. 
Instead, at least AFAIK, you have to provide your own FTPS-aware 
implementation of SSLEngine, which in turn uses the wrap/unwrap methods to 
exchange the FTPS-ADAT messages, and also implements all the other 
abstract methods using the appropriate FTPS messages. I assume it's a lot 
of work, so I recommend you try looking for ready-to-use implementation, 
you might even consider to buy one, if you cannot find a free one.

HTH

cu

Hi

I am successful in the following operations
- connecting to the server
- adding the server certificate to the client trustmanager dynamically
(without user intervention - that is the requirement here)
- logging into the server
- getting the details of the current working directory

But thereon... any other operation fails with the above exception. Is
it something to to do with the SSLSession. Do I have to do something
on the session?

Thanks again

SV

To add to the previous post....

After login, I can change/delete/make directory.
But only the list command fails... reading the response from the
server

Thanks
SV

svatti@gmail.com wrote:
> To add to the previous post....
> 
> After login, I can change/delete/make directory.
> But only the list command fails... reading the response from the
> server
> 
> Thanks
> SV
> 
> 
It appears the SSL handshake is failing on the data connection but why 
this should be I don't know. I assume you are using the old standard of 
FTPS which uses implicit SSL on the control and data channels? If not 
then maybe you need to set the protection level of the data channel 
before performing a command which uses it (get/put/list etc).

You could also try turning on additional SSL tracing to stdout using:

System.setProperty( "javax.net.debug", "ssl");


Regards,

Damian.

Absolutely Damien

Handshake is failing over Data Connection.
I am using implicit-SSL for connecting to the server.
I will post the debug details shortly

Thanks for the reply

SV

Pl find the debug trace below
The control connection handshake is proper. But the data connection
handshake is messed up. Pl let me know if you see any pointers.

trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086860 bytes = { 111, 136, 0, 235, 199, 143,
1, 247, 249, 156, 136, 61, 111, 168, 27, 182, 117, 13, 231, 43, 18,
117, 155, 194, 106, 42, 182, 114 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie:  GMT: 1155086492 bytes = { 45, 247, 177, 187, 98, 111,
81, 10, 115, 20, 232, 54, 21, 116, 16, 209, 63, 230, 34, 24, 80, 180,
83, 21, 100, 102, 125, 93 }
Session ID:  {69, 217, 57, 156, 51, 36, 133, 233, 75, 40, 3, 92, 174,
21, 202, 200, 220, 92, 39, 69, 85, 64, 233, 171, 12, 50, 70, 162, 26,
119, 159, 105}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  SunJSSE RSA public key:
  public exponent:
    010001
  modulus:
    6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
    43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
    a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
    e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
  Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
               To: Mon Dec 14 00:19:33 GMT+05:30 2009]
  Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  SerialNumber: [    45819cbd]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 67 2A 4B 6A C8 98 3D ED   94 C1 30 CE FE 84 38 17  g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED   8B E3 11 55 1B 6C A8 39  .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D   9D A6 5E B0 EC 51 B5 32  ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6   A4 37 E2 0C 36 2D 7A 82  ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26   56 74 88 A1 49 AF F1 9A  ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88   27 82 35 71 DD EF F8 4C  ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05   3E A2 43 B4 2E CC 85 A5  ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65   30 03 35 0B D2 41 F6
2A  ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 110, 126, 187, 22, 78, 149, 225, 0, 137, 65,
172, 116, 122, 6, 57, 225, 70, 2, 26, 255, 170, 0, 207, 46, 198, 190,
76, 55, 64, 158, 127, 52, 227, 157, 115, 59, 161, 156, 221, 228, 123,
204, 174, 17, 200, 13 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 6E 7E BB 16 4E 95   E1 00 89 41 AC 74 7A
06  ..n...N....A.tz.
0010: 39 E1 46 02 1A FF AA 00   CF 2E C6 BE 4C 37 40 9E
9.F.........L7@.
0020: 7F 34 E3 9D 73 3B A1 9C   DD E4 7B CC AE 11 C8 0D  .
4..s;..........
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0C 6F 88 00 EB   C7 8F 01 F7 F9 9C 88 3D
E.:.o..........=
0010: 6F A8 1B B6 75 0D E7 2B   12 75 9B C2 6A 2A B6 72  o...u..
+.u..j*.r
Server Nonce:
0000: 45 D9 39 9C 2D F7 B1 BB   62 6F 51 0A 73 14 E8 36  E.
9.-...boQ.s..6
0010: 15 74 10 D1 3F E6 22 18   50 B4 53 15 64 66 7D
5D  .t..?.".P.S.df.]
Master Secret:
0000: BC 6E D8 B9 B4 48 FF 68   77 0C ED 31 01 29 96 BC  .n...H.hw..
1.)..
0010: 1A DE C9 E6 09 D0 98 B3   1F AE AC 40 22 FB 32 AA  ...........@".
2.
0020: 92 FA 69 5A 9F D6 62 0F   5F 8F 4D 85 FF 56 5F
F8  ..iZ..b._.M..V_.
Client MAC write Secret:
0000: AB D2 17 06 39 01 A8 CF   3A 85 13 11 B7 6F 84 27  ....
9...:....o.'
Server MAC write Secret:
0000: A5 FA 6D 0A DD 4D 7B AC   8A F4 C7 4C 75 38 DD
77  ..m..M.....Lu8.w
Client write key:
0000: 17 7D A4 B9 D6 0A B4 39   2A 54 0A E1 D1 9E 99 4C  .......
9*T.....L
Server write key:
0000: 99 09 7A 1B D2 91 EA 5B   A6 79 AD 25 E3 EF 50 3A  ..z....[.y.
%..P:
.... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 191, 175, 96, 88, 3, 207, 223, 205, 8, 95, 26, 156 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 25, 77, 240, 210, 123, 172, 186, 59, 206, 95, 247,
206 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
trigger seeding of SecureRandom
done seeding SecureRandom
setSoTimeout(2000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086862 bytes = { 183, 59, 145, 120, 72, 186,
6, 217, 240, 60, 97, 121, 168, 36, 35, 20, 16, 15, 130, 102, 69, 175,
98, 239, 51, 72, 232, 130 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie:  GMT: 1155086494 bytes = { 108, 44, 160, 233, 211, 242,
86, 241, 156, 22, 118, 242, 46, 253, 63, 244, 148, 9, 75, 97, 73, 49,
41, 150, 27, 22, 34, 123 }
Session ID:  {69, 217, 57, 158, 183, 94, 29, 30, 174, 215, 115, 194,
22, 28, 19, 15, 32, 20, 233, 100, 120, 63, 127, 167, 124, 153, 216,
181, 90, 150, 6, 61}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  SunJSSE RSA public key:
  public exponent:
    010001
  modulus:
    6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
    43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
    a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
    e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
  Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
               To: Mon Dec 14 00:19:33 GMT+05:30 2009]
  Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  SerialNumber: [    45819cbd]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 67 2A 4B 6A C8 98 3D ED   94 C1 30 CE FE 84 38 17  g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED   8B E3 11 55 1B 6C A8 39  .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D   9D A6 5E B0 EC 51 B5 32  ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6   A4 37 E2 0C 36 2D 7A 82  ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26   56 74 88 A1 49 AF F1 9A  ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88   27 82 35 71 DD EF F8 4C  ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05   3E A2 43 B4 2E CC 85 A5  ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65   30 03 35 0B D2 41 F6
2A  ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 186, 219, 7, 135, 115, 151, 104, 176, 84, 47,
243, 241, 171, 40, 206, 199, 16, 248, 153, 62, 193, 45, 146, 46, 102,
56, 62, 231, 31, 223, 100, 101, 153, 113, 158, 91, 34, 252, 160, 157,
158, 6, 212, 222, 105, 191 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 BA DB 07 87 73 97   68 B0 54 2F F3 F1 AB
28  ......s.h.T/...(
0010: CE C7 10 F8 99 3E C1 2D   92 2E 66 38 3E E7 1F
DF  .....>.-..f8>...
0020: 64 65 99 71 9E 5B 22 FC   A0 9D 9E 06 D4 DE 69 BF  de.q.
[".......i.
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0E B7 3B 91 78   48 BA 06 D9 F0 3C 61 79
E.:..;.xH....<ay
0010: A8 24 23 14 10 0F 82 66   45 AF 62 EF 33 48 E8 82  .$#....fE.b.
3H..
Server Nonce:
0000: 45 D9 39 9E 6C 2C A0 E9   D3 F2 56 F1 9C 16 76 F2  E.
9.l,....V...v.
0010: 2E FD 3F F4 94 09 4B 61   49 31 29 96 1B 16 22
7B  ..?...KaI1)...".
Master Secret:
0000: D2 A3 90 F7 EF 57 21 EA   36 8C 87 87 60 45 2F C3  .....W!.
6...`E/.
0010: 2E F9 9D 70 13 D5 46 EB   DC C6 73 70 EF 94 EB
59  ...p..F...sp...Y
0020: 8B D1 1E 34 CF E8 CF 48   96 7C 48 39 7F 2A 70 51  ...
4...H..H9.*pQ
Client MAC write Secret:
0000: 87 68 CD F7 CB 37 08 1F   19 B2 82 2C 07 4A 8A 64  .h...
7.....,.J.d
Server MAC write Secret:
0000: 5E 09 3F 78 91 B4 48 C3   69 94 20 24 B8 B6 8D F4  ^.?x..H.i.
$....
Client write key:
0000: 1E 5E 67 09 2C CD ED A9   CD 7E CA F7 95 AC 32 DA  .^g.,.........
2.
Server write key:
0000: 21 5B 8B 68 B4 CB EC FC   8B BF BB 3C 69 08 77 75  !
[.h.......<i.wu
.... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 229, 206, 100, 121, 133, 21, 49, 18, 81, 144, 164,
28 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 214, 92, 134, 169, 255, 74, 248, 219, 138, 172, 158,
198 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
setSoTimeout(2000) called
setSoTimeout(0) called
main, READ: TLSv1 Application Data, length = 61
main, READ: TLSv1 Application Data, length = 71
main, WRITE: TLSv1 Application Data, length = 36
main, READ: TLSv1 Application Data, length = 61
main, WRITE: TLSv1 Application Data, length = 37
main, READ: TLSv1 Application Data, length = 71
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 77
main, READ: TLSv1 Application Data, length = 76
main, READ: TLSv1 Application Data, length = 79
main, READ: TLSv1 Application Data, length = 78
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 44
main, READ: TLSv1 Application Data, length = 89
main, READ: TLSv1 Application Data, length = 63
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 48
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 37
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 35
main, WRITE: TLSv1 Application Data, length = 40
main, READ: TLSv1 Application Data, length = 46
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 69
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086872 bytes = { 130, 77, 150, 77, 223, 150,
17, 36, 24, 182, 175, 240, 92, 236, 242, 59, 29, 18, 241, 222, 154,
52, 49, 253, 147, 246, 13, 150 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL
message, plaintext connection?
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at xxx.xxx.xxx.ftps.FTPSClientExample.main(FTPSClientExample.java:20)

svatti@gmail.com wrote:
> Pl find the debug trace below
> The control connection handshake is proper. But the data connection
> handshake is messed up. Pl let me know if you see any pointers.
> 
SNIP
> 

The connection is failing very early on. The Client send its ClientHello 
and expects to get a ServerHello back. This is not happening which 
suggests that the server is using a plain text socket. You could confirm 
this by setting up a trace on the connection using something like 
Ethereal to view the packets exchanged (the connection will not be 
secured at this point so this will not be a problem).

What SFTP server are you using? Is there any way to configure the server 
to use secure/non-secure data channels? Have you tried forcing the 
securing of the data channel using the FTP commands:

PBSZ 0
PROT P

Regards,

Damian.

HI Damien

Thanks very much for the pointer.
I was sending the command much later. I moved it after suucessful
connection and it works fine now.
Thanks a lot again

SV