JDK-4977704 : Incompatibility in https behaviour between 1.3.1 (with jsse 1.0.3) and 1.4
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.4.0
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2004-01-13
  • Updated: 2004-04-28
  • Resolved: 2004-01-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
1.4.2_05 05Fixed
Attached is a testcase that makes a https connection thru a proxy 
and is able to retrieve the html response using 1.3.1_09 with the
JSSE1.0.3 packages as seen below:

C:\Support\Towers>\jdk1.3.1_09\bin\java -cp .;jcert.jar;jnet.jar;jsse.jar ProxySSL set
Setting provider
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="https://dbconnect.towersperrin.com/dbconnect/noclient.jsp?TYPE=33554433&amp;TARGET=http://d

When running with 1.4.2_02 a SocketException is thrown:
C:\Support\Towers>java ProxySSL set
Setting provider
Exception in thread "main" java.net.SocketException: Unexpected end of file from server
        at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
        at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(Unknown Source)
        at java.net.URL.openStream(Unknown Source)
        at ProxySSL.main(ProxySSL.java:18)

Is this a bug in 1.4? Any input would be appreciated. Included is the
javax.net.debug output.



CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.2_05 generic tiger-beta2 FIXED IN: 1.4.2_05 tiger-beta2 INTEGRATED IN: 1.4.2_05 tiger-b36 tiger-beta2 VERIFIED IN: 1.4.2_05

EVALUATION We've found that Apache server 1.3.20 doesn't like "Host" request header field with a value that contains the host name plus the default port number. In 1.3.1 (with JSSE1.0.3), we were omitting the port number when it uses the default value for a certain service; while since 1.4, when we are tunneling through a proxy server, we would set the port number even when it uses 443 (the default port number for https). To keep backward compatibility, we should omit the port number when it contains the default value. ###@###.### 2004-01-13