JDK-6708421 : SSLException: Received fatal alert, thrown when accessing SSL service by Oracle
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2008-05-29
  • Updated: 2011-02-16
  • Resolved: 2008-12-02
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Windows XP Pro 5.1.2600, Ubuntu Linux 7.10 (and probably more)

EXTRA RELEVANT SYSTEM CONFIGURATION :
Attached Seperatly

A DESCRIPTION OF THE PROBLEM :
When accesssing a Oracle Web-Cache server (http://www.oracle.com/technology/products/ias/web_cache/index.html) using a HttpsURLConnection (uptained through the URL factory), something internal goes wrong right after or during handshaking (see error messages below).

Oddly, the issue only shows when running in a Web Start environment but not when running as a normal JAR application. Also, it seems to be in combination with Oracle servers and their implementation of SSL. In any case, the message in the exception should/could be retrofitted with a more descriptive version if there is no "fix" for this issue.

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4947863

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to connect to an Oracle Application Server/10g (10.1.2) Apache-Coyote/1.1 OracleAS-Web-Cache-10g server using HttpsURLConnection from a Java Web Start environment, and you will see the problem. You may test up against ours at "https://brunata.com/service/" with the following program:


...and run this as a Java Web Start application.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>

    <h1>JSP Page</h1>
    </body>
</html>
ACTUAL -
Stacktrace, content is never fetched. (See error messages.)

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Caused by: javax.net.ssl.SSLException: Received fatal alert:
unexpected_message
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown
Source)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
//
// Sign and deploy the sample as a JWS/JNLP application
//

package sandbox;
import javax.net.ssl.*;
import java.net.URL;
import java.io.InputStream;
import java.io.IOException;

public class HttpsTest
{

    public static final String PTD3_PING = "https://brunata.com/service/PTDServlet?PING=Hello";

    public HttpsTest()
    {
        try
        {
            URL u = new URL("https://brunata.com/service/");
            HttpsURLConnection con = (HttpsURLConnection) u.openConnection();
            InputStream in = con.getInputStream();

            int c = 0;
            while ((c = in.read()) != -1)
                System.out.print((char) c);
        }
        catch (IOException e)
        {
            e.printStackTrace();
        }
    }

    public static void main(String[] args)
    {
        new HttpsTest();
    }
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
That the JWS/JNLP environment is a lot different than a normal JAR/Application environment. It turns out, that if I override (remove) 3 specific environment properties before the initial HttpsUrlConnection, all works fine.

        System.getProperties().remove("https.protocols");
        System.getProperties().remove("javaplugin.proxy.config.type");
        System.getProperties().remove("trustProxy");

Comments
EVALUATION I have running the testcase attached against our JRE 6u10, it works fine. The issue looks like the same as bug 6514454, which has been fixed in JRE 6u4, therefore I closed this bug as a duplicate.
02-12-2008