JDK Tutorials - Herong's Tutorial Examples - v6.32, by Herong Yang
HttpsClient.java Failed with JDK 1.8
This section provides a tutorial example showing HttpsClient.java failed to complete the communication at the application level. But it works with SSL debug mode turned on.
As I mentioned earlier, HttpsClient.java is not working any more with JDK 1.8. Here is what I did on testing HttpsHello.java and HttpsClient.java:
Start HttpsHello.java with 1.8 in a command window:
herong> java HttpsHello Server started: Server socket class: class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl Socket address = 0.0.0.0/0.0.0.0 Socket port = 8888 Need client authentication = false Want client authentication = false Use client mode = false
Then run HttpsClient.java with JDK 13 or higher in another command window:
herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java The default SSL socket factory class: class sun.security.ssl.SSLSocketFactoryImpl Socket class: class sun.security.ssl.SSLSocketImpl Remote address = localhost/127.0.0.1 Remote port = 8888 Local socket address = /127.0.0.1:53682 Local address = /127.0.0.1 Local port = 53682 Need client authentication = false Cipher suite = SSL_NULL_WITH_NULL_NULL Protocol = NONE java.net.SocketException: Socket has been closed or broken at java.base/sun.security.ssl.SSLSocketImpl.startHandshake( SSLSocketImpl.java:436) ...
The SSL Handshake process failed. There were no default cipher suite.
If you run HttpsClient.java with JDK 1.8, you will get a different exception.
herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java The default SSL socket factory class: class sun.security.ssl.SSLSocketFactoryImpl Socket class: class sun.security.ssl.SSLSocketImpl Remote address = localhost/127.0.0.1 Remote port = 8888 Local socket address = /127.0.0.1:61457 Local address = /127.0.0.1 Local port = 61457 Need client authentication = false Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Protocol = TLSv1.2 java.net.SocketException: Software caused connection abort: recv failed
The SSL Handshake process went ok. The communication failed at the application level.
However, if I turn on the SSL debug mode on the server side, HttpsHello.java, the communication will work.
Run HttpsHello.java again with SSL debug turned on in the first window:
herong> java -Djavax.net.debug=ssl:record HttpsHello.java *** found key for : my_home chain [0] = [ [ Version: V3 Subject: CN=Herong Yang, OU=My Unit, O=My Org, C=US Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3 ... Server started: Server socket class: class sun.security.ssl.SSLServerSocketImpl Socket address = 0.0.0.0/0.0.0.0 Socket port = 8888 Need client authentication = false Want client authentication = false Use client mode = false Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 ... Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Now run HttpsClient.java again in the second window:
herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java The default SSL socket factory class: class sun.security.ssl.SSLSocketFactoryImpl Socket class: class sun.security.ssl.SSLSocketImpl Remote address = localhost/127.0.0.1 Remote port = 8888 Local socket address = /127.0.0.1:61688 Local address = /127.0.0.1 Local port = 61688 Need client authentication = false Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Protocol = TLSv1.2 HTTP/1.0 200 OK Content-Type: text/html <html><body>Hello world!</body></html>
As you can see the communication went correctly! I don't know why JDK 1.8 behave differently with SSL debug turned on.
I actually found out the reason why my test programs are working with SSL debug turned on. See the next tutorial for details.
Table of Contents
Date, Time and Calendar Classes
Date and Time Object and String Conversion
Number Object and Numeric String Conversion
Locales, Localization Methods and Resource Bundles
Calling and Importing Classes Defined in Unnamed Packages
HashSet, Vector, HashMap and Collection Classes
Character Set Encoding Classes and Methods
Encoding Conversion Programs for Encoded Text Files
Datagram Network Communication
DOM (Document Object Model) - API for XML Files
DTD (Document Type Definition) - XML Validation
XSD (XML Schema Definition) - XML Validation
XSL (Extensible Stylesheet Language)
Message Digest Algorithm Implementations in JDK
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Digital Signature Algorithm and Sample Program
"keytool" Commands and "keystore" Files
KeyStore and Certificate Classes
Secret Key Generation and Management
Cipher - Encryption and Decryption
The SSL (Secure Socket Layer) Protocol
SSL Socket Communication Testing Programs
►HTTPS (Hypertext Transfer Protocol Secure)
HttpsHello.java - HTTPS Server Test Program
HttpsClient.java - HTTPS Client Test Program
►HttpsClient.java Failed with JDK 1.8
HTTPS Server with Expired Certificate
Connecting to HttpsHello.java with IE