Unrecognized SSL message, plaintext connection? Exception

Question

I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)

I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?

For the sake of Google search this is recently being returned as "Unrecognized record version TLS-0.0 , plaintext connection?" — Jp_, Oct 06 '21 at 22:06

user207421 · Accepted Answer · 2016-02-23T03:22:01.627

281

I think this is due to the connection established with the client machine is not secure.

It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.

edited Feb 23 '16 at 03:22

answered Jun 30 '11 at 11:00

user207421

298,294
41
291
462

9

I have the same error, and I solved when I started using http instead of https. But when I place the link in browser with https it works! And I need to perform a safe query. Any idea on how can I solve the problem? – ccoutinho Mar 31 '14 at 14:06
10

@rsy When you 'placed the link ... with https' the browser would have changed to port 443 for you. You can do the same yourself. Indeed `HttpURLConnection` will automatically do it for you, if you don't specify a port at all. – user207421 Jun 09 '14 at 23:54
I assume that you can setup any port on your server to be HTTPS, it doesn't have to be a specific port? – Aug 25 '17 at 07:50
1

@KarlSherwin It can be any port you like, subject to reservations, but if it isn't 443 you will have to cart that around yourself in all your URLs. – user207421 Apr 04 '18 at 06:21
Thanks a lot. Actually, I was using port 80 for an HTTPS connection. When I changed it to 443 it worked as expected. – Vipul Verma Jun 11 '21 at 11:29

score 20 · Answer 2 · edited Aug 06 '16 at 01:05

20

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection

 props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true

edited Aug 06 '16 at 01:05

user207421

298,294
41
291
462

answered Mar 19 '13 at 10:03

Thobith

227
2
2

14

He is speaking HTTPS, not SMTP. -1 – user207421 Feb 13 '14 at 02:02
2

In my case that worked, thanks! javax.mail.MessagingException: Could not connect to SMTP host: mail.livemusicgo.com, port: 25; nested exception is: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? – surfealokesea Apr 22 '14 at 05:49
1

@surfealokesea The question is about HTTP and HTTPS, and an answer or a personal experience about SMTP isn't relevant. – user207421 Jul 03 '18 at 10:03
1

Yes but this is not just for him it is for other users that are having this same 'unrecognized ssl message'. +1 to you, Thobith – sam1370 Aug 27 '18 at 00:36

score 9 · Answer 3 · answered Apr 09 '13 at 12:01

9

I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.

answered Apr 09 '13 at 12:01

Jay

528
1
7
22

I had to do the same although I was inside the company ! – MonoThreaded May 04 '16 at 14:19
1

can you please explain in brief how to resolve, me too facing same issue in my company right ow – Nitesh Sep 06 '19 at 05:51

score 6 · Answer 4 · answered Feb 03 '14 at 06:34

6

I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.

answered Feb 03 '14 at 06:34

Soumyajit Swain

1,270
20
33

11

No, you got the error when accessing the HTTP port via HTTPS. Read the error message. You connected to a plaintext target. The situation you described wouldn't have caused an SSLException, as you wouldn't have been using SSL. – user207421 Jul 02 '15 at 22:05

score 2 · Answer 5 · answered Feb 06 '17 at 20:47

Adding this as an answer as it might help someone later.

I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument -Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.

score 1 · Answer 6 · answered Aug 10 '14 at 14:23

I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.

You can find it in the following: Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.

score 1 · Answer 7 · answered Mar 27 '18 at 10:52

i solved my problem using port 25 and Following prop

mailSender.javaMailProperties.putAll([
                "mail.smtp.auth": "true",
                "mail.smtp.starttls.enable": "false",
                "mail.smtp.ssl.enable": "false",
                "mail.smtp.socketFactory.fallback": "true",
        ]);

score 1 · Answer 8 · answered Jun 05 '19 at 10:08

If you are running local using spring i'd suggest use:

@Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
    return AmazonDynamoDBClientBuilder.standard()
            .withCredentials(
                    new AWSStaticCredentialsProvider(
                            new BasicAWSCredentials("fake", "credencial")
                    )
            )
            .withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
            .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
            .build();
}

It works for me using unit test.

Hope it's help!

score 0 · Answer 9 · edited Aug 06 '16 at 01:04

0

As EJP said, it's a message shown because of a call to a non-https protocol. If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list

edited Aug 06 '16 at 01:04

user207421

298,294
41
291
462

answered Sep 07 '15 at 17:02

Fabrizio Stellato

1,601
18
40

score 0 · Answer 10 · edited May 23 '17 at 12:02

It worked for me now, I have change the setting of my google account as below:

        System.out.println("Start");
        final String username = "myemail@gmail.com";
        final String password = "************";

        Properties props = new Properties();
        props.put("mail.smtp.auth", "true");
        props.put("mail.smtp.host", "smtp.gmail.com");
        props.put("mail.smtp.port", "465");
        props.put("mail.transport.protocol", "smtp");
        props.put("mail.smtp.starttls.enable", "true");
        props.put("mail.smtp.starttls.enable", "true");
        props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");

         Session session = Session.getInstance(props,
                  new javax.mail.Authenticator() {
                    protected PasswordAuthentication getPasswordAuthentication() {
                        return new PasswordAuthentication(username, password);
                    }
                  });


        try {
            Transport transport=session.getTransport();
            Message message = new MimeMessage(session);
            message.setFrom(new InternetAddress("myemail@gmail.com"));//formBean.getString("fromEmail")
            message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("myemail@gmail.com"));
            message.setSubject("subject");//formBean.getString(
            message.setText("mailBody");
            transport.connect();
            transport.send(message, InternetAddress.parse("myemail@gmail.com"));//(message);

            System.out.println("Done");

        } catch (MessagingException e) {
            System.out.println("e="+e);
            e.printStackTrace();
            throw new RuntimeException(e);

        }

Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link. And done 2 following steps and setting control in google. :

Disable the 2-step verification (password and OTP)
Enabling to allow to access less secure app(Allow less secure apps: ON.)

Now I am able to send mail using above program.

The question is about HTTPS. – user207421 Jul 22 '16 at 07:07 — user207421, Jul 22 '16 at 07:07

score 0 · Answer 11 · answered Mar 22 '17 at 17:57

0

if connection is FTPS test:

FTPSClient ftpClient = new FTPSClient(protocol, false);

protocol = TLS,SSL and false = isImplicit.

answered Mar 22 '17 at 17:57

Faxon Lander Montenegro

389
4
5

rob2universe · Answer 12 · 2018-07-08T03:00:01.020

0

In case you are running

Cisco AnyConnect Secure Mobility Agent
Cisco AnyConnect Web Security Agent

try stopping the service(s).

Not sure why I got a down vote for this answer. In our corporate network this IS the solution to the issue.

edited Jul 08 '18 at 03:00

answered Feb 20 '18 at 07:52

rob2universe

5,674
33
47

score 0 · Answer 13 · answered Mar 06 '18 at 07:38

0

I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.

System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);

along with "proxyHost" and "proxyPort"

System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);

Hope it will work.

answered Mar 06 '18 at 07:38

Anil kumar

418
1
5
18

It will work if you are using the Apache HTTP client and you got an authorization exception. It will *not* work to solve the problem stated by the OP. – user207421 Jul 03 '18 at 10:04

score 0 · Answer 14 · answered Mar 23 '18 at 21:29

0

I was facing this exception when using Gmail.

In order to use Gmail I had to turn ON "Allow less secure apps".

This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.

answered Mar 23 '18 at 21:29

Jose1755

290
2
8

score 0 · Answer 15 · answered Jan 15 '19 at 01:09

I've got similar error using camel-mail component to send e-mails by gmail smtp.

The solution was changing from TLS port (587) to SSL port (465) as below:

<route id="sendMail">
  <from uri="jason:toEmail"/>
  <convertBodyTo type="java.lang.String"/>
  <setHeader headerName="Subject"><constant>Something</constant></setHeader>
  <to uri="smtps://smtp.gmail.com:465?username=myemail@gmail.com&amp;password=mypw&amp;to=someemail@gmail.com&amp;debugMode=true&amp;mail.smtp.starttls.enable=true"/>
</route>

No, the solution was changing to a *plaintext* port. – user207421 Mar 21 '19 at 05:08 — user207421, Mar 21 '19 at 05:08

score -1 · Answer 16 · answered Aug 18 '15 at 15:05

-1

If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:

-Dhttps.protocols="TLSv1"

answered Aug 18 '15 at 15:05

MarkL

105
1

score -1 · Answer 17 · answered Jan 31 '20 at 13:50

HERE A VERY IMPORTANT ANSWER:

You just change your API URL String (in your method) from https to http.. This could also be the cause:

client.resource("http://192.168.0.100:8023/jaxrs/tester/tester");

instead of

client.resource("https://192.168.0.100:8023/jaxrs/tester/tester");

score -2 · Answer 18 · answered Jul 10 '14 at 08:44

-2

Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.

answered Jul 10 '14 at 08:44

Mithat Bozkurt

547
5
15

1

An expired certificate rdies not cause this exception. – user207421 Jul 02 '15 at 22:06

oguzhankinik · Answer 19 · 2017-05-09T19:24:59.503

-2

Another reason is maybe "access denided", maybe you can't access to the URI and received blocking response page for internal network access. If you are not sure your application zone need firewall rule, you try to connect from terminal,command line. For GNU/Linux or Unix, you can try run like this command and see result is coming from blocking rule or really remote address: echo | nc -v yazilimcity.net 443

edited May 09 '17 at 19:24

answered May 09 '17 at 12:20

oguzhankinik

85
4

If you received any kind of a page the SSL part was working perfectly and you would not have got the exception cited by the OP. – user207421 Jul 03 '18 at 10:05
I'm not receiving any kind of a page the SSL part, I received internal network HTTP response that special prepared page. For this scenario I'm accessing to the HTTP page via HTTPS request so I received the this exception. After the network rule changes, this exception also self resolved. – oguzhankinik Jul 10 '18 at 21:07

Unrecognized SSL message, plaintext connection? Exception

19 Answers19

Linked

Related