AW: java.net.ConnectException: Received fatal alert:unexpected_message
Bernd Eckenfels
ecki at zusammenkunft.net
Sun Nov 12 21:05:56 UTC 2017
The newer the Jetty server is, the more unlikely it supports the old and unsafe SSL2 handshake. You should not enable the SSL2Hello pseudo protocol on the client side. The JDK certainly does not by default.
Regards
Bernd
--
http://bernd.eckenfels.net
From: Sean Dawson
Sent: Sunday, 12 November 2017 20:24
To: security-dev at openjdk.java.net
Subject: Re: java.net.ConnectException: Received fatal alert:unexpected_message
Thanks for the reply. This is one of the latest versions of Jetty so I would hope that it would support that. But I've also tried specifying various other http.protocols on both sides but it hasn't seemed to change the result. Any other flags or things I should try?
On Fri, Nov 10, 2017 at 11:48 PM, Jaikiran Pai <jai.forums2013 at gmail.com> wrote:
> Java 1.8.0_131
> Both servers on same machine, using same Java
> Source server is using async-http-client 1.9.18
> Destination server is using Jetty 9.4.7.v20170914
....
> New I/O worker #10, WRITE: TLSv1.2 Handshake, length = 161
> [write] MD5 and SHA1 hashes: len = 140
> 0000: 01 03 03 00 63 00 00 00 20 00 C0 23 00 C0 27 00 ....c... ..#..'.
> ...
> 0080: 07 06 BB A0 AB 39 66 80 95 55 14 65 .....9f..U.e
> New I/O worker #10, WRITE: SSLv2 client hello message, length = 140
It looks like the async-http-client is sending an SSLv2 client hello message during the handshake and I'm guessing Jetty doesn't support (or maybe has disabled) SSLv2Hello handshake messages. What SSL protocols have you enabled on both these sides? If you haven't explicitly enabled any, then what do they default to in these libraries/servers?
-Jaikiran
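
The following is an added example, not part of the original thread and not code from Jetty or async-http-client. It classifies the first bytes a client sends on a TLS port and decodes the SSLv2-format ClientHello header fields visible in the dump above (`01 03 03 00 63 00 00 00 20`). The function names are hypothetical; the sample message reuses the header values and the first two cipher specs from the dump, while the remaining cipher specs and the challenge are constructed filler.

```python
import struct


def classify_hello(wire: bytes) -> dict:
    """Classify the first bytes a client sends when it opens a TLS connection."""
    if len(wire) >= 5 and wire[0] == 0x16 and wire[1] == 0x03:
        # TLS record layer: content type 22 (handshake), version, 2-byte length.
        return {"format": "tls-record", "record_version": (wire[1], wire[2])}
    if len(wire) >= 11 and wire[0] & 0x80 and wire[2] == 0x01:
        # SSLv2 framing: 2-byte header with the high bit set and a 15-bit
        # length, followed by message type 1 (CLIENT-HELLO).
        rec_len = ((wire[0] & 0x7F) << 8) | wire[1]
        major, minor, spec_len, sid_len, chal_len = struct.unpack(">BBHHH", wire[3:11])
        # Body = 9 fixed bytes + cipher specs + session id + challenge.
        body_len = 9 + spec_len + sid_len + chal_len
        if spec_len % 3 or body_len != rec_len or len(wire) < 2 + rec_len:
            return {"format": "malformed-sslv2-hello"}
        specs = wire[11:11 + spec_len]
        return {
            "format": "sslv2-hello",
            "offered_version": (major, minor),  # highest version the client offers
            "body_length": rec_len,
            "cipher_specs": [specs[i:i + 3].hex() for i in range(0, spec_len, 3)],
        }
    return {"format": "unknown"}


def build_sample_v2_hello() -> bytes:
    """Constructed sample: header values from the dump, filler for the rest."""
    # First two 3-byte cipher specs are from the dump; the other 31 are filler.
    specs = bytes.fromhex("00c02300c027") + bytes.fromhex("0000ff") * 31
    # type=1, version 3.3, cipher-spec length 0x63, session id 0, challenge 0x20
    body = bytes.fromhex("01 03 03 00 63 00 00 00 20") + specs + bytes(32)
    return struct.pack(">H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    result = classify_hello(build_sample_v2_hello())
    print(result["format"], result["offered_version"], result["body_length"])
    # Constructed 5-byte TLS record header for comparison.
    print(classify_hello(bytes([0x16, 0x03, 0x03, 0x00, 0xA1]))["format"])
```

The computed body length of 140 bytes matches the `len = 140` line in the debug output: the client offers TLS 1.2 (version 3.3) but wraps the offer in SSLv2 framing, which a server without SSLv2Hello support will reject.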