United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4977704 : Incompatibility in https behaviour between 1.3.1 (with jsse 1.0.3) and 1.4

Details
Type:
Bug
Submit Date:
2004-01-13
Status:
Closed
Updated Date:
2004-04-28
Project Name:
JDK
Resolved Date:
2004-01-22
Component:
security-libs
OS:
generic
Sub-Component:
javax.net.ssl
CPU:
generic
Priority:
P4
Resolution:
Fixed
Affected Versions:
1.4.0
Fixed Versions:
1.4.2_05 (05)

Related Reports
Backport:

Sub Tasks

Description
Attached is a testcase that makes a https connection thru a proxy 
and is able to retrieve the html response using 1.3.1_09 with the
JSSE1.0.3 packages as seen below:

C:\Support\Towers>\jdk1.3.1_09\bin\java -cp .;jcert.jar;jnet.jar;jsse.jar ProxySSL set
Setting provider
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="https://dbconnect.towersperrin.com/dbconnect/noclient.jsp?TYPE=33554433&amp;TARGET=http://d
e2-1e81-ae63-83192e230000&amp;GUID=">here</a>.<p>
</body>


When running with 1.4.2_02 a SocketException is thrown:
C:\Support\Towers>java ProxySSL set
Setting provider
Exception in thread "main" java.net.SocketException: Unexpected end of file from server
        at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
        at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(Unknown Source)
        at java.net.URL.openStream(Unknown Source)
        at ProxySSL.main(ProxySSL.java:18)

Is this a bug in 1.4? Any input would be appreciated. Included is the
javax.net.debug output.

Thanks,

Albert.


                                    

Comments
EVALUATION

We've found that Apache server 1.3.20 doesn't like "Host" request header field with a value that contains the host name plus the default port number. In 1.3.1 (with JSSE1.0.3), we were omitting the port number when it uses the default value for a certain service; while since 1.4, when we are tunneling through a proxy server, we would set the port number even when it uses 443 (the default port number for https).

To keep backward compatibility, we should omit the port number when it contains the default value.

###@###.### 2004-01-13
                                     
2004-01-13
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
1.4.2_05
generic
tiger-beta2

FIXED IN:
1.4.2_05
tiger-beta2

INTEGRATED IN:
1.4.2_05
tiger-b36
tiger-beta2

VERIFIED IN:
1.4.2_05


                                     
2004-09-02



Hardware and Software, Engineered to Work Together