HttpsClient.java Failed with JDK 1.8

JDK Tutorials - Herong's Tutorial Examples

∟HTTPS (Hypertext Transfer Protocol Secure)

∟HttpsClient.java Failed with JDK 1.8

This section provides a tutorial example showing HttpsClient.java failed to complete the communication at the application level. But it works with SSL debug mode turned on.

As I mentioned earlier, HttpsClient.java is not working any more with JDK 1.8. Here is what I did on testing HttpsHello.java and HttpsClient.java:

Start HttpsHello.java with 1.8 in a command window:

herong> java HttpsHello

Server started:
Server socket class:
   class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl
   Socket address = 0.0.0.0/0.0.0.0
   Socket port = 8888
   Need client authentication = false
   Want client authentication = false
   Use client mode = false

Then run HttpsClient.java with JDK 13 or higher in another command window:

herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java

The default SSL socket factory class: 
  class sun.security.ssl.SSLSocketFactoryImpl
Socket class: class sun.security.ssl.SSLSocketImpl
   Remote address = localhost/127.0.0.1
   Remote port = 8888
   Local socket address = /127.0.0.1:53682
   Local address = /127.0.0.1
   Local port = 53682
   Need client authentication = false
   Cipher suite = SSL_NULL_WITH_NULL_NULL
   Protocol = NONE
java.net.SocketException: Socket has been closed or broken
  at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(
    SSLSocketImpl.java:436)
  ...

The SSL Handshake process failed. There were no default cipher suite.

If you run HttpsClient.java with JDK 1.8, you will get a different exception.

herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java

The default SSL socket factory class:
   class sun.security.ssl.SSLSocketFactoryImpl
Socket class: class sun.security.ssl.SSLSocketImpl
   Remote address = localhost/127.0.0.1
   Remote port = 8888
   Local socket address = /127.0.0.1:61457
   Local address = /127.0.0.1
   Local port = 61457
   Need client authentication = false
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   Protocol = TLSv1.2
java.net.SocketException: Software caused connection abort: recv failed

The SSL Handshake process went ok. The communication failed at the application level.

However, if I turn on the SSL debug mode on the server side, HttpsHello.java, the communication will work.

Run HttpsHello.java again with SSL debug turned on in the first window:

herong> java -Djavax.net.debug=ssl:record HttpsHello.java

***
found key for : my_home
chain [0] = [
[
  Version: V3
  Subject: CN=Herong Yang, OU=My Unit, O=My Org, C=US
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
...

Server started:
Server socket class: class sun.security.ssl.SSLServerSocketImpl
   Socket address = 0.0.0.0/0.0.0.0
   Socket port = 8888
   Need client authentication = false
   Want client authentication = false
   Use client mode = false
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Now run HttpsClient.java again in the second window:

herong> java -Djavax.net.ssl.trustStore=public.jks HttpsClient.java

The default SSL socket factory class:
   class sun.security.ssl.SSLSocketFactoryImpl
Socket class: class sun.security.ssl.SSLSocketImpl
   Remote address = localhost/127.0.0.1
   Remote port = 8888
   Local socket address = /127.0.0.1:61688
   Local address = /127.0.0.1
   Local port = 61688
   Need client authentication = false
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   Protocol = TLSv1.2
HTTP/1.0 200 OK
Content-Type: text/html

<html><body>Hello world!</body></html>