Bug ID: 4470673
Votes: 0
Synopsis: JDK 1.4 Https cannot connect to Lotus Notes web server
Category: jsse:runtime
Reported Against: merlin-beta
Release Fixed:
State: 11-Closed, duplicate of 4273544, bug
Priority: 3-Medium
Related Bugs: 4273544
Submit Date: 15-JUN-2001

Description

java version "1.4.0-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta-b65)
Java HotSpot(TM) Client VM (build 1.4.0-beta-b65, mixed mode)
1. Steps:
a. Connect to https://<some-lotus-server>. It fails with a "java.net.SocketException: Socket closed" exception.
b. Connect to https://<some-other-server>. It succeeds.
c. Using a browser (such as konqueror, or customer) to connect to https://<some-lotus-server> succeeds.
d. Set up a server using openssl, and the following command line:
   openssl s_server -cert server.crt -key ../ssl.key/server.key
   ===> java Https https://localhost:4433/ succeeds
e. openssl s_server -cert server.crt -key ../ssl.key/server.key -ssl2
   ===> It fails with "javax.net.ssl.SSLException: SSL V2.0 servers are not supported"
f. openssl s_server -cert server.crt -key ../ssl.key/server.key -ssl3
   ===> It fails with "java.net.SocketException: Socket closed" (i.e. same exception as with Lotus Notes). Openssl itself logs the following message:
   8965:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
   shutting down SSL
g. openssl s_server -cert server.crt -key ../ssl.key/server.key -tls1
   ===> Same as f
h. openssl s_server -cert server.crt -key ../ssl.key/server.key -no_tls1
   ===> java Https fails with "java.io.IOException: Broken pipe", and openssl itself fails with
   9137:error:1408B074:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad protocol version number:s3_srvr.c:1345:
N.B. Connecting to servers d - h using a Web browser (such as konqueror) works all right.
====================================================================
2. Source code:
import java.net.URL;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.IOException;

public class Https {
    public static void main(String args[]) throws Exception {
        try {
            URL url;
            InputStream in;
            int c;
            // Fetch each URL given on the command line and copy the body to stdout.
            for (int i = 0; i < args.length; i++) {
                url = new URL(args[i]);
                // For https:// URLs the SSL handshake happens inside openStream().
                in = url.openStream();
                System.out.println("begin");
                while ((c = in.read()) != -1) {
                    System.out.write(c);
                }
                System.out.println("end");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
====================================================================
3/4: Exact text/trace of message:
java.net.SocketException: Socket closed
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
    at java.io.OutputStream.write(OutputStream.java:61)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.d([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
    at java.net.URL.openStream(URL.java:851)
    at Https.main(Https.java:20)
====================================================================
(Review ID: 126696)
======================================================================

Work Around

It is possible to set up an openssl gateway which receives the SSL connection and forwards it to the Lotus Notes server.
======================================================================

Evaluation

Probably related to the hello client problem we're addressing for merlin-beta2.
xxxxx@xxxxx 2001-06-15
From the description and the error message at the server, it looks like the Lotus server does not support TLS v1 (3.1). Currently we always send TLSv1 as the version numbers in our client hello. In merlin we can use setEnabledProtocols(String[] protocols) to send either TLSv1 or SSLv3. I think that will solve the problem.
Please see RFE 4416068.
xxxxx@xxxxx 2001-06-28
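
The version mismatch described in the evaluation can be checked on a captured first flight. The following is an added example, not code from the original report or from JSSE: it reads the record-layer version and the ClientHello client_version and applies an assumed server model (a strict record-layer check, as the openssl log in step f suggests, then highest common version). The hello bytes and all function names are constructed for illustration.

```python
import struct

# Wire encodings (major, minor) of the versions named on this page.
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1"}

def build_hello(record_ver, hello_ver):
    """Constructed minimal ClientHello (one cipher suite), not a JSSE capture."""
    body = (bytes(hello_ver) + bytes(32)      # client_version, 32-byte random
            + b"\x00"                         # empty session id
            + b"\x00\x02\x00\x0a"             # one suite: RSA_WITH_3DES_EDE_CBC_SHA
            + b"\x01\x00")                    # null compression only
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(record_ver) + len(msg).to_bytes(2, "big") + msg

def parse_client_hello(data):
    """Return the two version fields a server sees in the first flight."""
    if len(data) < 11:
        raise ValueError("truncated ClientHello")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != 22 or data[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    if rlen > len(data) - 5:
        raise ValueError("record extends past the captured bytes")
    return {"record": (rmaj, rmin), "hello": (data[9], data[10])}

def server_verdict(hello, server_versions):
    """Assumed model: strict record-layer check, then highest common version."""
    if hello["record"] not in server_versions:
        return "reject: record-layer version %s" % NAMES.get(hello["record"], "unknown")
    usable = [v for v in server_versions if v <= hello["hello"]]
    if not usable:
        return "reject: no common version"
    return "negotiate " + NAMES.get(max(usable), "unknown")

if __name__ == "__main__":
    tls1_hello = parse_client_hello(build_hello((3, 1), (3, 1)))
    ssl3_hello = parse_client_hello(build_hello((3, 0), (3, 0)))
    for label, srv in (("SSLv3-only", {(3, 0)}), ("SSLv3+TLSv1", {(3, 0), (3, 1)})):
        print(label, "<- TLSv1 hello:", server_verdict(tls1_hello, srv))
        print(label, "<- SSLv3 hello:", server_verdict(ssl3_hello, srv))
```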