javanna.net…not just java

In the previous post I wrote about some SSL common issues in Java. One of them, the most popular in my opinion, points out to a flexible way to make ssl connections using Jakarta Commons Http Client 3.1 without any static call. This is a good choice if your client has to communicate with two or more different hosts using different keystores or truststores.

Basically, you have to use a specific HostConfiguration and a given ProtocolSocketFactory implementation within your HttpClient object. I found out that the HostConfiguration has to contain the name of the host you want to communicate with, while the HttpMethod object must contain a relative path, otherwise the HostConfiguration will be overridden at runtime with the default one. And what about doing the same to make a web service call through Spring Web Services?

Much has been written about making SSL connections in Java. I think it would be useful to share my personal experience, so I’m gonna write about some common issues I dealt with.

• First of all, I remember a generic SSLHandshakeException due to the popular Transport Layer Security (TLS) Renegotiation Issue. I solved it by re-enabling the SSL renegotiation this way:

  System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", true);
  

• I came across the following error too:

  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  

  which might depend on either the server configuration or the client certificate. For example, if you try to use a client certificate signed by a an issuer refused on the server side, you’ll have this exception thrown on the client side.