f



SSLException: Unrecognized SSL message, plaintext connection?

Hi All

I am getting the following message when run my application

Caused by: javax.net.ssl.SSLException: Unrecognized SSL message,
plaintext connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)

Let me give a brief overview of my application.
This is a FTPS (NOT SFTP) client connecting to the FTP server on port
990. I am trying to connect to the server download the server
certificate and then load it dynamically in the trustmanager and then
do the normal FTP operations.
The application connects fine for downloading the ceritificate,
logging in and getting the initial working directory details. Thereon
any operation throws me this error.

Any ideas are welcome.

Thanks in advance
SV

0
svatti (2)
2/15/2007 4:55:54 AM
comp.lang.java.security 1502 articles. 0 followers. Post Follow

9 Replies
16071 Views

Similar Articles

[PageSpeed] 59

I have gone thru lot of forums and boards. Lot of guys seems to have
this issue, but I havent seen a single solution. I hope some of you
might point me in the right direction. I have gone thru the java
documentation as well to look for the cause of this exception. But
could not get the right pointer to the solution.

By the way I am using JDK1.4.2

With JDK1.4.0 I get the following error

Caused by: javax.net.ssl.SSLException: Unrecognized SSL handshake.
	at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)

With IBM JDK1.4 I get the following error

Caused by: javax.net.ssl.SSLHandshakeException: unexpected message
	at com.ibm.jsse.bv.a(Unknown Source)
	at com.ibm.jsse.a.a(Unknown Source)
	at com.ibm.jsse.a.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$ConverterSD.implRead(StreamDecoder.java:
325)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:223)
	at java.io.InputStreamReader.read(InputStreamReader.java:208)
	at java.io.BufferedReader.fill(BufferedReader.java:153)
	at java.io.BufferedReader.readLine(BufferedReader.java(Compiled
Code))
	at java.io.BufferedReader.readLine(BufferedReader.java:379)

0
svatti
2/15/2007 5:18:28 AM
svatti@gmail.com wrote:

>This is a FTPS (NOT SFTP) client connecting to the FTP server on port
>990. I am trying to connect to the server download the server
>certificate and then load it dynamically in the trustmanager and then
>do the normal FTP operations.
>The application connects fine for downloading the ceritificate,
>logging in and getting the initial working directory details. Thereon
>any operation throws me this error.
>
>Any ideas are welcome.

I think the problem comes from using a SSLSocket directly. As far as I can 
see in the FTPS RFCs (RFC 2228 and 4217) securing FTP through TLS works 
different from how it works for HTTP (see RFC 2817).

With HTTP client and server exchange a few messages to agree, that they 
will continue with TLS, and then the TLS handshake happens directly, i.e. 
without any interference from the HTTP protocol.

That's different in FTPS, here all communication stays within in the FTPS 
protocol and the TLS handshake is encapsulated within FTPS-ADAT messages 
as Base64 encoded data. This is however not supported by the SSLSocket. 
Instead, at least AFAIK, you have to provide your own FTPS-aware 
implementation of SSLEngine, which in turn uses the wrap/unwrap methods to 
exchange the FTPS-ADAT messages, and also implements all the other 
abstract methods using the appropriate FTPS messages. I assume it's a lot 
of work, so I recommend you try looking for ready-to-use implementation, 
you might even consider to buy one, if you cannot find a free one.

HTH

cu
0
Ralf
2/15/2007 11:12:21 AM
Hi

I am successful in the following operations
- connecting to the server
- adding the server certificate to the client trustmanager dynamically
(without user intervention - that is the requirement here)
- logging into the server
- getting the details of the current working directory

But thereon... any other operation fails with the above exception. Is
it something to to do with the SSLSession. Do I have to do something
on the session?

Thanks again

SV

0
svatti
2/16/2007 7:04:48 AM
To add to the previous post....

After login, I can change/delete/make directory.
But only the list command fails... reading the response from the
server

Thanks
SV


0
svatti
2/16/2007 9:02:40 AM
svatti@gmail.com wrote:
> To add to the previous post....
> 
> After login, I can change/delete/make directory.
> But only the list command fails... reading the response from the
> server
> 
> Thanks
> SV
> 
> 
It appears the SSL handshake is failing on the data connection but why 
this should be I don't know. I assume you are using the old standard of 
FTPS which uses implicit SSL on the control and data channels? If not 
then maybe you need to set the protection level of the data channel 
before performing a command which uses it (get/put/list etc).

You could also try turning on additional SSL tracing to stdout using:

System.setProperty( "javax.net.debug", "ssl");


Regards,

Damian.
0
Dames
2/16/2007 2:36:32 PM
Absolutely Damien

Handshake is failing over Data Connection.
I am using implicit-SSL for connecting to the server.
I will post the debug details shortly

Thanks for the reply

SV

0
svatti
2/19/2007 3:56:36 AM
Pl find the debug trace below
The control connection handshake is proper. But the data connection
handshake is messed up. Pl let me know if you see any pointers.

trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086860 bytes = { 111, 136, 0, 235, 199, 143,
1, 247, 249, 156, 136, 61, 111, 168, 27, 182, 117, 13, 231, 43, 18,
117, 155, 194, 106, 42, 182, 114 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie:  GMT: 1155086492 bytes = { 45, 247, 177, 187, 98, 111,
81, 10, 115, 20, 232, 54, 21, 116, 16, 209, 63, 230, 34, 24, 80, 180,
83, 21, 100, 102, 125, 93 }
Session ID:  {69, 217, 57, 156, 51, 36, 133, 233, 75, 40, 3, 92, 174,
21, 202, 200, 220, 92, 39, 69, 85, 64, 233, 171, 12, 50, 70, 162, 26,
119, 159, 105}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  SunJSSE RSA public key:
  public exponent:
    010001
  modulus:
    6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
    43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
    a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
    e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
  Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
               To: Mon Dec 14 00:19:33 GMT+05:30 2009]
  Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  SerialNumber: [    45819cbd]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 67 2A 4B 6A C8 98 3D ED   94 C1 30 CE FE 84 38 17  g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED   8B E3 11 55 1B 6C A8 39  .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D   9D A6 5E B0 EC 51 B5 32  ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6   A4 37 E2 0C 36 2D 7A 82  ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26   56 74 88 A1 49 AF F1 9A  ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88   27 82 35 71 DD EF F8 4C  ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05   3E A2 43 B4 2E CC 85 A5  ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65   30 03 35 0B D2 41 F6
2A  ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 110, 126, 187, 22, 78, 149, 225, 0, 137, 65,
172, 116, 122, 6, 57, 225, 70, 2, 26, 255, 170, 0, 207, 46, 198, 190,
76, 55, 64, 158, 127, 52, 227, 157, 115, 59, 161, 156, 221, 228, 123,
204, 174, 17, 200, 13 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 6E 7E BB 16 4E 95   E1 00 89 41 AC 74 7A
06  ..n...N....A.tz.
0010: 39 E1 46 02 1A FF AA 00   CF 2E C6 BE 4C 37 40 9E
9.F.........L7@.
0020: 7F 34 E3 9D 73 3B A1 9C   DD E4 7B CC AE 11 C8 0D  .
4..s;..........
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0C 6F 88 00 EB   C7 8F 01 F7 F9 9C 88 3D
E.:.o..........=
0010: 6F A8 1B B6 75 0D E7 2B   12 75 9B C2 6A 2A B6 72  o...u..
+.u..j*.r
Server Nonce:
0000: 45 D9 39 9C 2D F7 B1 BB   62 6F 51 0A 73 14 E8 36  E.
9.-...boQ.s..6
0010: 15 74 10 D1 3F E6 22 18   50 B4 53 15 64 66 7D
5D  .t..?.".P.S.df.]
Master Secret:
0000: BC 6E D8 B9 B4 48 FF 68   77 0C ED 31 01 29 96 BC  .n...H.hw..
1.)..
0010: 1A DE C9 E6 09 D0 98 B3   1F AE AC 40 22 FB 32 AA  ...........@".
2.
0020: 92 FA 69 5A 9F D6 62 0F   5F 8F 4D 85 FF 56 5F
F8  ..iZ..b._.M..V_.
Client MAC write Secret:
0000: AB D2 17 06 39 01 A8 CF   3A 85 13 11 B7 6F 84 27  ....
9...:....o.'
Server MAC write Secret:
0000: A5 FA 6D 0A DD 4D 7B AC   8A F4 C7 4C 75 38 DD
77  ..m..M.....Lu8.w
Client write key:
0000: 17 7D A4 B9 D6 0A B4 39   2A 54 0A E1 D1 9E 99 4C  .......
9*T.....L
Server write key:
0000: 99 09 7A 1B D2 91 EA 5B   A6 79 AD 25 E3 EF 50 3A  ..z....[.y.
%..P:
.... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 191, 175, 96, 88, 3, 207, 223, 205, 8, 95, 26, 156 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 25, 77, 240, 210, 123, 172, 186, 59, 206, 95, 247,
206 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
trigger seeding of SecureRandom
done seeding SecureRandom
setSoTimeout(2000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086862 bytes = { 183, 59, 145, 120, 72, 186,
6, 217, 240, 60, 97, 121, 168, 36, 35, 20, 16, 15, 130, 102, 69, 175,
98, 239, 51, 72, 232, 130 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 679
*** ServerHello, TLSv1
RandomCookie:  GMT: 1155086494 bytes = { 108, 44, 160, 233, 211, 242,
86, 241, 156, 22, 118, 242, 46, 253, 63, 244, 148, 9, 75, 97, 73, 49,
41, 150, 27, 22, 34, 123 }
Session ID:  {69, 217, 57, 158, 183, 94, 29, 30, 174, 215, 115, 194,
22, 28, 19, 15, 32, 20, 233, 100, 120, 63, 127, 167, 124, 153, 216,
181, 90, 150, 6, 61}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  SunJSSE RSA public key:
  public exponent:
    010001
  modulus:
    6a5d4621 af4cff83 0c168348 b3e63334 20b2682c f8808497 dcce35b5
6dc381f4
    43dac70c e114379a 282601f3 4375207b 28c10ef0 233383df 55580196
bea889d0
    a2db02d3 66eae648 8c7b07e2 400833ea a114081e 23328a95 68688356
acf9d3eb
    e2801cb5 09efa3a8 86c5dc95 baf14fc5 32786178 465ae53b b08c1660
84f587a5
  Validity: [From: Fri Dec 15 00:19:33 GMT+05:30 2006,
               To: Mon Dec 14 00:19:33 GMT+05:30 2009]
  Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXX, L=XXXXXXXXX, ST=XX,
C=XXXXXX
  SerialNumber: [    45819cbd]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 67 2A 4B 6A C8 98 3D ED   94 C1 30 CE FE 84 38 17  g*Kj..=...
0...8.
0010: D1 30 20 E0 9E D9 D2 ED   8B E3 11 55 1B 6C A8 39  .
0 ........U.l.9
0020: F2 99 4A D6 57 5C 19 8D   9D A6 5E B0 EC 51 B5 32  ..J.W
\....^..Q.2
0030: AB C5 06 FE C8 7D 5E E6   A4 37 E2 0C 36 2D 7A 82  ......^..7..6-
z.
0040: B5 D5 0A 33 CC EC 53 26   56 74 88 A1 49 AF F1 9A  ...
3..S&Vt..I...
0050: D3 C3 66 B5 F8 6C 71 88   27 82 35 71 DD EF F8 4C  ..f..lq.'.
5q...L
0060: 85 A4 57 EF 2B 00 86 05   3E A2 43 B4 2E CC 85 A5  ..W.
+...>.C.....
0070: 9D 8A C8 9B B2 EA 3C 65   30 03 35 0B D2 41 F6
2A  ......<e0.5..A.*

]
***
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/
PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 186, 219, 7, 135, 115, 151, 104, 176, 84, 47,
243, 241, 171, 40, 206, 199, 16, 248, 153, 62, 193, 45, 146, 46, 102,
56, 62, 231, 31, 223, 100, 101, 153, 113, 158, 91, 34, 252, 160, 157,
158, 6, 212, 222, 105, 191 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 BA DB 07 87 73 97   68 B0 54 2F F3 F1 AB
28  ......s.h.T/...(
0010: CE C7 10 F8 99 3E C1 2D   92 2E 66 38 3E E7 1F
DF  .....>.-..f8>...
0020: 64 65 99 71 9E 5B 22 FC   A0 9D 9E 06 D4 DE 69 BF  de.q.
[".......i.
CONNECTION KEYGEN:
Client Nonce:
0000: 45 D9 3A 0E B7 3B 91 78   48 BA 06 D9 F0 3C 61 79
E.:..;.xH....<ay
0010: A8 24 23 14 10 0F 82 66   45 AF 62 EF 33 48 E8 82  .$#....fE.b.
3H..
Server Nonce:
0000: 45 D9 39 9E 6C 2C A0 E9   D3 F2 56 F1 9C 16 76 F2  E.
9.l,....V...v.
0010: 2E FD 3F F4 94 09 4B 61   49 31 29 96 1B 16 22
7B  ..?...KaI1)...".
Master Secret:
0000: D2 A3 90 F7 EF 57 21 EA   36 8C 87 87 60 45 2F C3  .....W!.
6...`E/.
0010: 2E F9 9D 70 13 D5 46 EB   DC C6 73 70 EF 94 EB
59  ...p..F...sp...Y
0020: 8B D1 1E 34 CF E8 CF 48   96 7C 48 39 7F 2A 70 51  ...
4...H..H9.*pQ
Client MAC write Secret:
0000: 87 68 CD F7 CB 37 08 1F   19 B2 82 2C 07 4A 8A 64  .h...
7.....,.J.d
Server MAC write Secret:
0000: 5E 09 3F 78 91 B4 48 C3   69 94 20 24 B8 B6 8D F4  ^.?x..H.i.
$....
Client write key:
0000: 1E 5E 67 09 2C CD ED A9   CD 7E CA F7 95 AC 32 DA  .^g.,.........
2.
Server write key:
0000: 21 5B 8B 68 B4 CB EC FC   8B BF BB 3C 69 08 77 75  !
[.h.......<i.wu
.... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 229, 206, 100, 121, 133, 21, 49, 18, 81, 144, 164,
28 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 214, 92, 134, 169, 255, 74, 248, 219, 138, 172, 158,
198 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
setSoTimeout(2000) called
setSoTimeout(0) called
main, READ: TLSv1 Application Data, length = 61
main, READ: TLSv1 Application Data, length = 71
main, WRITE: TLSv1 Application Data, length = 36
main, READ: TLSv1 Application Data, length = 61
main, WRITE: TLSv1 Application Data, length = 37
main, READ: TLSv1 Application Data, length = 71
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 77
main, READ: TLSv1 Application Data, length = 76
main, READ: TLSv1 Application Data, length = 79
main, READ: TLSv1 Application Data, length = 78
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 87
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 44
main, READ: TLSv1 Application Data, length = 89
main, READ: TLSv1 Application Data, length = 63
main, READ: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 48
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 37
main, WRITE: TLSv1 Application Data, length = 29
main, READ: TLSv1 Application Data, length = 44
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 35
main, WRITE: TLSv1 Application Data, length = 40
main, READ: TLSv1 Application Data, length = 46
main, WRITE: TLSv1 Application Data, length = 22
main, READ: TLSv1 Application Data, length = 69
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1155086872 bytes = { 130, 77, 150, 77, 223, 150,
17, 36, 24, 182, 175, 240, 92, 236, 242, 59, 29, 18, 241, 222, 154,
52, 49, 253, 147, 246, 13, 150 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL
message, plaintext connection?
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at xxx.xxx.xxx.ftps.FTPSClientExample.main(FTPSClientExample.java:20)

0
svatti
2/19/2007 6:23:53 AM
svatti@gmail.com wrote:
> Pl find the debug trace below
> The control connection handshake is proper. But the data connection
> handshake is messed up. Pl let me know if you see any pointers.
> 
SNIP
> 

The connection is failing very early on. The Client send its ClientHello 
and expects to get a ServerHello back. This is not happening which 
suggests that the server is using a plain text socket. You could confirm 
this by setting up a trace on the connection using something like 
Ethereal to view the packets exchanged (the connection will not be 
secured at this point so this will not be a problem).

What SFTP server are you using? Is there any way to configure the server 
to use secure/non-secure data channels? Have you tried forcing the 
securing of the data channel using the FTP commands:

PBSZ 0
PROT P

Regards,

Damian.
0
Dames
2/19/2007 1:30:21 PM
HI Damien

Thanks very much for the pointer.
I was sending the command much later. I moved it after suucessful
connection and it works fine now.
Thanks a lot again

SV

0
svatti
2/20/2007 3:29:07 AM
Reply:

Similar Artilces:

javax.net.ssl.SSLException: Unrecognized SSL message
I am trying to instantiate a simple SSL client socket(connection to an SSH port on a linux host (port 22) but get the below exception : "javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?". I am using the default factory (javax.net.ssl.SSLSocketFactory) to create the SSLSocket (javax.net.ssl.SSLSocket). I am not enabling any specific cipher suite. I tried enabling each of the protocols (SSLv2Hello, SSLv3, TLSv1) separately - but still the same problem. I put some debug print statements to print the enabled cipher suites and I notice the most common cipher s...

java.lang.NullPointerException
>>>>>Hi! >>>>> >>>>>We are experiencing problems on a live application and are getting intermittent errors. The stack trace is as follows. As the system is live, this is urgent. >>>>> >>>>>java.lang.NullPointerException >>>>> at org.postgresql.Connection.ExecSQL(Connection.java:312) >>>>> at org.postgresql.jdbc2.Connection.setAutoCommit(Connection.java:141) >>>>> at org.enhydra.jdbc.standard.StandardXADataSource.getFreeConnection(StandardXADataSource.jav...

java.lang.NoSuchMethodException when trying to connect to DB2 with a connection pool
Hi, I've set up a DB2 8 database and I'm trying to connect to it with Sun ONE webserver 6.1 on AIX 5.2. When I test the webapp I get "auth failed server does not support this method/mechanism". After looking into it I found out the server only allows "Username only authentication" After adding "SecurityMechanism" to the Connection Pool parameters I get java.lang.NoSuchMethodException: com.ibm.db2.jcc.DB2SimpleDataSource.setSecurityMechanism(boolean). I'm not sure why it's sending the 4 as a boolean rather than as an int or short. ...

SSL Connection java
Hi, I need access As400 data with jdbc connection by Internet. I would like to use SSL connection. Presently, I have a connection to my as400 with the toolbox java. My code for this connection is: Class.forName("com.ibm.as400.access.AS400JDBCDriver").newInstance(); url = "jdbc:as400://999.999.9.999"; DriverManager.registerDriver(new com.ibm.as400.access.AS400JDBCDriver()); Connection conAs400 = null; conAs400 = DriverManager.getConnection(url, username, password); java.sql.Statement st400 = conAs400.createStatement(); My question: How can I integred security SS...

java.lang.ExceptionInInitializerError: java.lang.ArrayIndexOutOfBoundsException
Hi, I am new to DB2. I am getting this error while loading the DB2Driver. I don't have any idea about where i might have gone wrong. please help me. Below is the stack trace. Stack Trace: java.lang.ExceptionInInitializerError: java.lang.ArrayIndexOutOfBoundsException at COM.ibm.db2.jdbc.app.DB2Driver.SQLAllocEnv(Native Method) at COM.ibm.db2.jdbc.app.DB2Driver.<init>(DB2Driver.java:245) at COM.ibm.db2.jdbc.app.DB2Driver.<clinit>(DB2Driver.java:130) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:120) Thanks in advance, Ganesh Majji ganesh.m@gmail.com wrote: > I am new to DB2. I am getting this error while loading the DB2Driver. I > don't have any idea about where i might have gone wrong. please help > me. Unfortunately my crystal bowl stays dark because you didn't mentioned your operating system and which DB2 version you're using. For Windows, *nix and OS/2 please ensure that your application is using the db2java.zip from SQLLIB\java. Check if there are multiple db2jdbc.dll on your system, remove any extra db2jdbc.dll files on the system. Ensure that you can connect to DB2 with the DB2 workstation tools from your machine. sorry for not mentioning the system details. Operation System is SunOS (Solaris) and DB2 SDK 8.2.2 Thank you very much for the kind response, Ganesh Bernd Hohmann wrote: > ganesh.m@gmail...

java.lang.StringIndexOutOfBoundsException: String index out of range: 23 at java.lang.String.charAt(String.java:460)
Hi All I am having the torque3.1.jar and postgresql-7.4. I have compiled the new jdbc driver called as postgresql.jar and have placed it in the lib directory from where the ant scripts catch the jars. Whenever i try to access through torque gestList = BaseGestlistPeer.doSelect(new Criteria()); this error arises java.lang.StringIndexOutOfBoundsException: String index out of range: 23 at java.lang.String.charAt(String.java:460) at org.postgresql.jdbc2.ResultSet.toTimestamp(ResultSet.java:1653) at org.postgresql.jdbc2.ResultSet.getTimestamp(ResultSet.java...

java.lang.Set with elements of type java.lang.Set
Roughly I do something along the lines of: Set set = new HashSet(); Set elem = new HashSet(); set.add(elem); // now we change the elem and add it again to the set elem.add(some object here); set.add(elem); I found out the hard way that 'set' may now contain 'elem' either once or twice, the reason being that 'elem.add()' changes the hashCode of elem such that it is not noticed that it is in 'set' already on the 2nd 'set.add()'. Question: What I would actually want is an IdentityHashSet() set = new IdentityHashSet() but this does not...

Secure ssl connection with wrap_socket
Hi, I'm a new python user and I'm writing a small web service with ssl. I want use a self-signed certificate like in wiki: http://docs.python.org/dev/library/ssl.html#certificates I've used wrap_socket, but if i try to use cert_reqs=ssl.CERT_REQUIRED, it doesn't work with error: urllib2.URLError: <urlopen error _ssl.c:326: No root certificates specified for verification of other-side certificates.> It works only with CERT_NONE (the default) but with this option i could access to the service in insicure mode. Have you some suggestions for my service? Thanks. Regards. ...

java.security.acl.Permission vs java.security.Permission
Hi Interfaces in java.security.acl package accept java.security.acl.Permission interface as their parameters, not java.security.Permission. Why is it so? Why there are two different Permissions which are seem to be related, and can be one. Amir Pashazadeh ...

SSL Server authentication, SSL client authentication, SSL connection and SSL session
Can someone please define these terms as I am struggling to find anything on the internet about them? SSL Server authentication SSL client authentication SSL connection SSL session. Thank you, Johnny. "Johnny" <John@adventnoSpam.com> wrote > Can someone please define these terms as I am struggling to find anything > on the internet about them? > > SSL Server authentication > SSL client authentication and how the above two are performed. Thanks, Johnny. "Johnny" <John@adventnoSpam.com> writes: >Can someone please define these te...

to use import java.lang.* or import java.lang.Math or none at all?
Hi guys, i knew that by default all java.lang classes will be imported by the compiler during compilation. but, to make it easier for the computer, should i specify which class i really will be using? does this action will boost the performance during compilation and runtime or not a matter at all? the answer to this post will definitely affect my programming style in the future when i'm considering "to import or not to import"... hmm,,, thanks in advance. JPractitioner wrote: > i knew that by default all java.lang classes will be imported by the > compiler during compilation. but, to make it easier for the computer, > should i specify which class i really will be using? does this action > will boost the performance during compilation and runtime or not a > matter at all? Whether and how you import classes has exactly zero effect at runtime. Imports (with or without wildcards) are only a kind of abbreviation provided by the compiler to save us the effort of typing in fully-qualified type names every time. In theory explicit importing should make compilation faster -- by a very tiny amount. I've never heard anyone claim that they've even managed to measure a difference let alone found a case where it made a practical difference. So the question comes down to how to write your code for maximum clarity. One school of thought asserts that you should always import each class explicitly (rather than by a wildcard). There's a fai...

Error occurred during intialization of VM java/lang/NoClassDefFoundError: java/lang/Object
Good day to all, I have installed the j2se/netbeans binary bundle on red hat 9. I can run everything perfectly as root but when I try to compile with any other user I get: Error occurred during intialization of VM java/lang/NoClassDefFoundError: java/lang/Object When I saw this it seemed like a permissions problem but I checked the permissions and everything seemed fine. All users have execute permissions of javac and java. I have read other threads dealing with the same or similar problem but have not reached any solution yet. I would appreciate if anyone that has run into this type o...

Error occurred during initialization of VM java/lang/NoClassDefFoundError: java/lang/Object
I downloaded jdk-6u7-solaris-sparcv9.tar.Z and installed it by these commands: # zcat jdk-6u7-solaris-sparc.tar.Z | tar -xf - # pkgadd -d . SUNWj6rtx SUNWj6dvx SUNWj6dmx # /usr/jdk/instances/jdk1.6.0/bin/sparcv9/java -version Error occurred during initialization of VM java/lang/NoClassDefFoundError: java/lang/Object # ls /usr/jdk/instances/ jdk1.5.0 jdk1.6.0 # uname -a SunOS sun1 5.10 Generic sun4u sparc SUNW,Sun-Blade-2500 Please help to fix the error. Thanks. TsanChung wrote: > I downloaded jdk-6u7-solaris-sparcv9.tar.Z and installed it by these > commands: > # zcat jdk-6u7-solaris-sparc.tar.Z | tar -xf - > # pkgadd -d . SUNWj6rtx SUNWj6dvx SUNWj6dmx > > # /usr/jdk/instances/jdk1.6.0/bin/sparcv9/java -version > Error occurred during initialization of VM > java/lang/NoClassDefFoundError: java/lang/Object It's missing or can't find rt.jar, right? How does the Solaris version find it's runtime files? Can you show us where rt.jar is? On Aug 20, 6:24=A0pm, Mark Space <marksp...@sbc.global.net> wrote: > TsanChung wrote: > > I downloaded jdk-6u7-solaris-sparcv9.tar.Z and installed it by these > > commands: > > # zcat jdk-6u7-solaris-sparc.tar.Z | tar -xf - > > # pkgadd -d . SUNWj6rtx SUNWj6dvx SUNWj6dmx > > > # /usr/jdk/instances/jdk1.6.0/bin/sparcv9/java -version > > Error occurred during initialization of VM > > java/lang/NoClassDefFoundError: java/lang/Object > > It'...

Using GNUS with SSL secure connection
I'm new to this gnus stuff, and I want to know how to read newsgroups off of a server that requires a secure connection and login. Suppose there is a server news.blah.blah that requires SSL to connect as well as a username and password. How do I set up GNUS to read groups from this server? I'm using emacs in MS Windows XP. ...

Problem to Connect to SSL address with Java
Hi together! I have a problem to create a SSL connection to a webaddress. The program worked until three days ago. Since then I get the following error when I try to connect: javax.net.ssl.SSLHandshakeException: Certificate is not signed by a trusted certificate authority. at java.lang.Throwable.<init>(Throwable.java:195) at java.io.IOException.<init>(IOException.java:40) at javax.net.ssl.SSLHandshakeException.<init>(Unknown Source) at com.ibm.as400.ibmonly.net.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1736) at com.ibm.as400.ibmonly.net.ssl.SSLSocketImpl.writ...

secure soap connection where server is in java ?
I have been trying to figure out apache/rampart soap security. We have a soap server in java and the client is PHP. I just read this article which concerns me because it seems to imply rampart/java won't work with PHP. Are there any other good solutions, particularly simple ones ? I have been trying to get rampart/java working for the past 3 days and haven't even gotten to the PHP client part as of yet, then it occured to me to do a google search to see if the client being in PHP might be an issue: in interview from this past february: http://wso2.org/library/805 OT: There is al...

CheckBox in Column of JTable: Exception: java.lang.String cannot be cast to java.lang.Boolean
Hello, I have discovered a hidden error. My project was working for awhile, but then I started to get the below error. My error comes from the fact that I'm using a checkbox in a jtable, and I'm using the below "getColumnClass". Thank you, compile: run: Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Boolean at javax.swing.JTable$BooleanRenderer.getTableCellRendererComponent(JTable.java:5412) at javax.swing.JTable.prepareRenderer(JTable.java:5735) at javax.swing.plaf.basic.BasicTableU...

java.lang.NoClassDefFoundError: java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
Hi, I'm trying to use the httpclient within Jython (see http://jakarta.apache.org/commons/httpclient/ for more information on the httpclient). My Jython version is: Jython 2.1 on java1.4.2_04 (JIT: null) My Java version is: java version "1.4.2_04" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05) Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode) My CLASSPATH includes: jdom.jar xerces.jar jython.jar jt400.jar log4j-1.2.8.jar commons-httpclient-2.0.jar When I just try to perform the import statements from example code I get the error pasted below....

java.security.NoSuchAlgorithmException: using SSL with Webtest
what usually causes a java.security.NoSuchAlgorithmException? i am getting this while trying to run WebTest with SSL. so, if there is anyone out there using SSL and webtest i would appreciate the help on the problem listed below. Thanks. --- I read the introduction on maven-plugins page (<http://maven-plugins.sourceforge.net/webtest/ssl.html>). I've saved the certificate from server and create the "trust.keystore". I changed the config file and start to invoke a SSL page, but it didn't run. I think I have problems with the two properties which I should create <pro...

Exception message from java: MathLink connection was lost.
Hello, I wrote a java program (which runs some calculation on math kernel) with JLink interface but it crashes regularly and randomly with the exception: "Exception message: MathLink connection was lost. Exception class: com.wolfram.jlink.MathLinkException Exception cause: null". My system: winXP(prof), Mathematica 7.0.1. I decided that the problem is with JLinkNativeLibrary.dll (which loads during JLink load) and I recompile it for my machine (the only warnings were the followings: "JLinkNativeLibrary.c: In function `Java_com_wolfram_jlink_NativeLink_getNative...

Securing a multiprocessing.BaseManager connection via SSL
Hi, how can I secure the communication between two BaseManager objects? Regarding the socket/SSL documentation I just need to secure the socket by SSL. How can i get the socket object within the multiprocessing module? Best regards, Jonas In article <f788be3b-62cd-4545-9ba8-50b7eaea0556@p8g2000yqb.googlegroups.com>, Jonas <jonas.weismueller@gmail.com> wrote: > >how can I secure the communication between two BaseManager objects? >Regarding the socket/SSL documentation I just need to secure the socket >by SSL. How can i get the socket object within the multiprocessing...

Secure connection to a SQL database from a Java client
Hi, I am currently undertaking a software project that will require secure connection from a Java UI client to an SQL database located on a different machine. I have been researching possible solutions to this and would like your opinion on the following: 1. Client software on a remote computer opens a secure connection to the server machine running at a prespecified IP. 2. A further Java program acts as a server on the machine holding the database, this program decrypts commands sent from the client software, communicates with the SQL database and sends back encrypted data. Would there be easier ways of doing this and will it be simple to implement user name/password verification in the server software? Thanks in advance for your help! Joe It seems as a natural way to solving that problem, but you need SSL so you must use J2EE as I know. I'm currently trying to use J2EE for some JSP/servlet and it seems very complicated to me. "Jo3" <scfcnospam@yahoo.com> wrote: > I am currently undertaking a software project that will require secure > connection from a Java UI client to an SQL database located on a different > machine. I have been researching possible solutions to this and would like > your opinion on the following: > > 1. Client software on a remote computer opens a secure connection to the > server machine running at a prespecified IP. > 2. A further Java program acts as a server on ...

[ace-users] ACE SSL connect: Socket handle leak when connecting to an unreachable SSL endpoint
This is a multi-part message in MIME format. ------=_NextPart_000_0044_01CF317F.636F4D40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ACE VERSION: 6.1.4 HOST MACHINE and OPERATING SYSTEM: If on Windows based OS's, which version of WINSOCK do you use?: Windows 7, Winsock2 TARGET MACHINE and OPERATING SYSTEM, if different from HOST: COMPILER NAME AND VERSION (AND PATCHLEVEL): THE $ACE_ROOT/ace/config.h FILE : config-win32.h THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE ]: not = used CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features (used by MPC when you generate your own makefiles): AREA/CLASS/EXAMPLE AFFECTED: Open SSL connection on an unreachable endpoint DOES THE PROBLEM AFFECT: EXECUTION : socket handle leak SYNOPSIS: Opening an SSL connection to an unreachable endpoint leads to a timeout. But the used TCP socket remains unclosed and its handle leaks. Within programs running for a long time periodical connection retries=20 make socket resources to run out. DESCRIPTION: The following test code shows the problem: #include <ace/SSL/SSL_SOCK_Stream.h> #include <ace/Connector.h> #include <ace/SSL/SSL_SOCK_Connector.h> #include <sstream> class ConnHandler : public ACE_Svc_Handler <ACE_SSL_SOCK_Stream, ACE_MT_SYNCH> { public: ...

IE PDF SSL Security popup message
Hello All, I have a site written in ASP/VB COM and setup completly over https. Browser is IE 6. I am doing a post from one page to another using document.formname.submit. This works fine throughout the system. In one of the ASP pages a pdf is displayed with content(inline). So when the post is done to this page, the "The page contains secure and insecure items. Do you want to display the non-secure items." message gets displayed. Irrespective of selection of "Yes" or "No" the pdf is displayed correctly. Any ideas how i can fix this problem. Thanks in advance....

Web resources about - SSLException: Unrecognized SSL message, plaintext connection? - comp.lang.java.security

Resources last updated: 3/7/2016 7:08:43 PM