Home > Archive > Java Security > December 2004 > javax.net.ssl.SSLException: Unrecognized SSL message
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
javax.net.ssl.SSLException: Unrecognized SSL message
|
|
|
| I am trying to instantiate a simple SSL client socket(connection to an
SSH port on a linux host (port 22) but get the below exception :
"javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?".
I am using the default factory (javax.net.ssl.SSLSocketFactory) to
create the SSLSocket (javax.net.ssl.SSLSocket). I am not enabling any
specific cipher suite. I tried enabling each of the protocols
(SSLv2Hello, SSLv3, TLSv1) separately - but still the same problem.
I put some debug print statements to print the enabled cipher suites
and I notice the most common cipher suites are indeed enabled :
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Any help is appreciated.
| |
| Juha Laiho 2004-12-22, 9:14 pm |
| "Ranga" <rthittai@telcordia.com> said:
>I am trying to instantiate a simple SSL client socket(connection to an
>SSH port on a linux host (port 22) but get the below exception :
>"javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
>connection?".
Ok. SSH is not SSL, and vice versa. There are some common cryptographic
algorithms used in both, but the actual protocols are not interoperable.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
| |
|
| Juha - thanks.
But I believe there is an FTP service running on this port (22) on this
linux host that I am trying to connect to. Wouldn't that be sftp?
If it is sftp, then should I not be able to connect to it using an SSL
socket?
Or is an FTP service running on SSH not equivaltent to the ubiquitous
"sftp"?
-Ranga
Juha Laiho wrote:
> "Ranga" <rthittai@telcordia.com> said:
an[color=darkred]
>
> Ok. SSH is not SSL, and vice versa. There are some common
cryptographic
> algorithms used in both, but the actual protocols are not
interoperable.
> --
> Wolf a.k.a. Juha Laiho Espoo, Finland
> (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M
V
> PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++
y++++
> "...cancel my subscription to the resurrection!" (Jim Morrison)
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ranga wrote:
> Juha - thanks.
>
> But I believe there is an FTP service running on this port (22) on
> this linux host that I am trying to connect to. Wouldn't that be
> sftp? If it is sftp, then should I not be able to connect to it
> using an SSL socket?
>
> Or is an FTP service running on SSH not equivaltent to the
> ubiquitous "sftp"?
>
> -Ranga
>
Hi,
What I always call "sftp" is actually a variant of FTP operating over
SSHv2, which on my systems is invoked with the sftp command (or scp,
depending on what you're trying to do). However, I'm aware that there
is also something else called "ftps" which is FTP over SSL or TLS.
They're not the same thing, since SSL!=SSH. However, on the flip
side, there are Java libraries out there that do SSH, although I've
never actually used them, so I can't recommend one.
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFByw7ggxSrXuMbw1YRAkndAKDHb+0ZaEOT
WpHKZ9f6TJBtwygCogCg5s1l
jZg6P0WHij3YOOJpV5n6jh4=
=ZolP
-----END PGP SIGNATURE-----
|
|
|
|
|