Can't make more than one request on java.net.http.HttpClient or will receive: javax.net.ssl.SSLHandshakeException

» java » Can't make more than one request on java.net.http.HttpClient or will receive: javax.net.ssl.SSLHandshakeException

By : PaowZ

Date : November 25 2020, 04:01 AM

it helps some times Apparently, SSLContext objects are not thread-safe. (It’s usually correct to assume that any mutable object whose contract doesn’t explicitly guarantee thread safety is not thread-safe.)
HttpClients use the default SSLContext if not given a context explicitly. So it appears your two requests are trying to simultaneously share that default context.

code :

private void sendRequest(Consumer<String> onSucces, String url) {
    SSLContext context;
    try {
        context = SSLContext.getInstance("TLSv1.3");
        context.init(null, null, null);
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e);
    }

    HttpClient client = HttpClient.newBuilder().sslContext(context).build();
    HttpRequest request = HttpRequest.newBuilder(URI.create(url)).build();

    client.sendAsync(request, HttpResponse.BodyHandlers.ofString())
            .thenApply(HttpResponse::body)
            .thenAccept(onSucces)
            .join();
}

Share :

Apache httpclient javax.net.ssl.SSLHandshakeException:

By : Hussein Jarrar

Date : March 29 2020, 07:55 AM

I wish did fix the issue. The apache example only sets up a trust store. That will only use the CA cert. You need to also set up an "identity" for handling the client certificate. I realize you put them all in the same java keystore, and that is probably still okay (but normally they are in separate files).
The example calls loadTrustMaterial(). You also need to call loadKeyMaterial().

HTTP transport error: javax.net.ssl.SSLHandshakeException

By : user3626200

Date : March 29 2020, 07:55 AM

this will help Finally got it working. I had to explicitly tell Glassfish about the cacerts to be used even with those certificates being available in the /jdk/jr, /jre and the glassfish domain config cacerts...

code :

asadmin> create-jvm-options -Djavax.net.ssl.trustStore="/Program Files/Java/jre7/lib/security/cacerts"

Get request handshake_faliure:javax.net.ssl.SSLHandshakeException

By : Bobby

Date : March 29 2020, 07:55 AM

hop of those help? According to https://www.ssllabs.com/ssltest/analyze.html?d=sunnyportal.com that server negotiates only one ciphersuite, TLS_RSA_WITH_AES_256_CBC_SHA, which uses AES with 256-bit key.
If you are using Oracle Java to use any symmetric cipher above 128 bits, which includes AES 256, you must download and install the JCE Unlimited Strength Jurisdiction Policy Files for your version. For the currently supported version, 8, near the bottom of the general download page http://www.oracle.com/technetwork/java/javase/downloads/index.html it links to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html . For older versions search finds http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html and http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html .

Windows.Web.Http.HttpClient and System.Net.Http.HttpClient receive different responses

By : Lucas Almeida

Date : March 29 2020, 07:55 AM

fixed the issue. Will look into that further The problem was HttpClient didn't decompress gzip data as Nuf said in the comments.
so I just wrote tiny code for gzip decompression.

code :

public async Task<string> Request(Method method, string url, string postData)
{
    var handler = new System.Net.Http.HttpClientHandler()
    {
        AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
    };
    var http = new System.Net.Http.HttpClient(handler);
    System.Net.Http.HttpResponseMessage response;
    if (method == Method.POST)
    {

        var httpContent = new System.Net.Http.StringContent(postData, Encoding.UTF8, "application/x-www-form-urlencoded");
        response = await http.PostAsync(new Uri(url), httpContent);
    }
    else
    {
        response = await http.GetAsync(new Uri(url));
    }


    return await response.Content.ReadAsStringAsync();
}

How to make a HTTP GET with custom certificate with Spring Boot / javax.net.ssl.SSLHandshakeException: Received fatal al

By : mit.es

Date : March 29 2020, 07:55 AM

this one helps. This is just an example, cobbled together from some old code from way back. I no longer have access to a SOAP service that requires mutual TLS and it is not tested in it's current form.
That being said you should be able to use it as a starting point - depending on which libraries you're using. The important thing is to have your SOAP client provide the client certificate your provider gave you while making requests.

code :

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

import javax.net.ssl.KeyManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Optional;

public class CrudeSoapClient {

    private static void initKeyManager(YourSoapServicePort yourSoapServicePort) {
        HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(yourSoapServicePort).getConduit();
        TLSClientParameters tlsClientParameters = Optional.ofNullable(httpConduit.getTlsClientParameters()).orElseGet(TLSClientParameters::new);
        tlsClientParameters.setKeyManagers(getKeyManagerFactory().getKeyManagers());
        httpConduit.setTlsClientParameters(tlsClientParameters);
    }

    public static KeyManagerFactory getKeyManagerFactory() {
        KeyManagerFactory keyManagerFactory = null;
        try (InputStream inputStream = CrudeSoapClient.class.getClassLoader().getResourceAsStream("yourkeystore.pkcs12")) {
            KeyStore ts = KeyStore.getInstance("PKCS12");
            ts.load(inputStream, "yourpassword".toCharArray());
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(ts, "yourpassword".toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
        }
        return keyManagerFactory;
    }
}

        YourSoapService yourSoapService = new YourSoapServicePort();
        YourSoapServicePort yourSoapServicePort = yourSoapService.getYourSoapServicePort();
        CrudeSoapClient.initKeyManager(yourSoapServicePort);
        YourSoapServiceResponse response = yourSoapServicePort.getOperation(yourRequest);
        //do whatever you need to do with the response