JDK-8059013 : JVM always uses http protocol for crossdomain.xml download
  • Type: Bug
  • Component: deploy
  • Affected Version: 8u20
  • Priority: P4
  • Status: Resolved
  • Resolution: Won't Fix
  • OS: os_x
  • CPU: x86
  • Submitted: 2014-09-23
  • Updated: 2018-08-23
  • Resolved: 2018-08-23
Description
FULL PRODUCT VERSION :
Version 8 Update 20 (Build 1.8.0_20-b26)

ADDITIONAL OS VERSION INFORMATION :
OS X 10.9.5

A DESCRIPTION OF THE PROBLEM :
When running Sandbox Java Applet with the latest JDK, from within Java code we try to connect back to the server with a different protocol - instead of original HTTPS we use WSS (secured Websockets connection, we use third party Websockets Client Java library). As the result, JVM tries to retrieve `crossdomain.xml` file from the server. The problem is, that the file is retrieved using HTTP (and not HTTPS) protocol. 

For example, in our case the server IP is 192.168.1.1, the applet is loaded over HTTPS default port (443). Using trace level 5 in Java console we see that the `crossdomain.xml` is retrieved from `http://192.168.1.1:443`. And of course it doesn't work because the server listens only for HTTPS connections on port 443 (and not HTTP).

On the other hand, when we use HTTP protocol and open new WS (unsecured Websockets connection) to the server, the problem doesn't appear, because crossdomain.xml is retrieved from `http://192.168.1.1:80` and it is completely correct.


REPRODUCIBILITY :
This bug can be reproduced always.