I'm trying for connecting for an HTTPS endpoint in Java. Every method I've attempted (more particulars below) eventually ends up producing this stack trace:

java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)

I've attempted:

  • Hooking up using the javax Cleaning soap libs along with a new URL("https://...")
  • Hooking up with new URL("https://...").openConnection()
  • Creating an SSL connection manually:

            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket("...", 443);
        Writer out = new OutputStreamWriter(socket.getOutputStream());
        // https requires the full URL in the GET line
        out.write("GET / HTTP/1.0\\r\\n");
        // read response
        BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream()));
        int c;
        while ((c = in.read()) != -1) {

A couple of more particulars:

  • Every method I've attempted has labored against other SSL servers, it's this specific server (I'm not at liberty to go over what server, it is a business partner)
  • I'm able to connect with this server both having a internet browser, with a photoshopped up Cleaning soap request with curl This really is something Java-specific.

So, it appears pretty obvious that there's some disagreement between Java and also the HTTPS server over the way the handshake is going lower, which most likely means the server has some strange SSL configuration. However, I do not have direct accessibility server, and those who do are midway all over the world, so communication is a touch strained because of completely different timezones.

If my presumptions you will find correct, what possible SSL problems could there be? What could potentially cause something similar to this? How can i request the folks in charge from the server to search for issues? After I perform the request with curl, I recieve back these server configuration headers:

Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny10
X-SOAP-Server: NuSOAP/0.7.3 (1.114)

It's an SSL version problem. The server only supports SSLv3, and Java will begin at v2, and try to negotiate upwards, although not all servers support that kind of settlement.

Forcing java to make use of SSLv3 only may be the only solution I am conscious of.

Edit, you will find two ways to get this done that I am conscious of:

  • If you're creating the socket manually, you are able to set the enabled methods

    socket.setEnabledProtocols(new String[] )

  • If you work with a greater level library, you most likely have to set all SSL demands to make use of v3 only, that is accomplished using the "https.methods" system property:

    java -Dhttps.methods=SSLv3