On Tue, 2011-09-06 at 03:48 -0700, Ahmed Ashour wrote:
> Hi Vasile,
>
> Thanks, I saw the error "main, RECV SSLv3 ALERT: fatal, bad_record_mac", and
> read
> http://old.nabble.com/Fwd%3A-Httpclient-sslv3---bad_record_mac-error-tt21999553.html#a22000148
>
> Another question, is there a way to automatically detect the server SSL
> version? Because I see the default enabled protocols are "SSLv2Hello",
> "SSLv3", and "TLSv1". But restricting to SSLv3 will not make the code generic
> for all websites.
>
> Is there any better way other than restricting the version to SSLv3?
>
> Ahmed
>

I think the only feasible strategy is to re-try connections with a lower SSL protocol version. Try SSLv3 first, if fails, try SSLv2, if fails, try SSLv1, if fails, give up and have a drink.

Oleg

> ________________________________
> From: Vasile Alin <[email protected]>
> To: HttpClient User Discussion <[email protected]>; Ahmed Ashour
> <[email protected]>
> Sent: Tuesday, September 6, 2011 12:31 PM
> Subject: Re: Some websites: SSLPeerUnverifiedException: peer not authenticated
>
> Enabling the SSL debug may help to find the root cause:
>
> for example: System.setProperty("javax.net.debug", "all");
>
> On 6 September 2011 11:56, Ahmed Ashour <[email protected]> wrote:
> > Dear all,
> >
> > I know this is a common question, but the below answer doesn't work for all
> > the websites (e.g. https://tradingpartners.comcast.com/PortOut/)
> >
> > On trying to specify custom TrustManager, it works for many websites, but
> > not all.
> >
> > The below code gives "javax.net.ssl.SSLPeerUnverifiedException: peer not
> > authenticated"
> >
> > Appreciate your help.
> >
> > -------------------------------------------------
> > HttpClient client = new DefaultHttpClient();
> > final SSLContext sslContext = SSLContext.getInstance("SSL");
> > sslContext.init(null, new TrustManager[] {new X509TrustManager() {
> >
> >     public void checkClientTrusted(X509Certificate[] arg0,
> >             String arg1) throws CertificateException {
> >     }
> >
> >     public void checkServerTrusted(X509Certificate[] arg0,
> >             String arg1) throws CertificateException {
> >     }
> >
> >     public X509Certificate[] getAcceptedIssuers() {
> >         return new X509Certificate[0];
> >     }
> >
> > }}, null);
> > final SSLSocketFactory factory =
> >         new SSLSocketFactory(sslContext, new AllowAllHostnameVerifier());
> > final Scheme https = new Scheme("https", 443, factory);
> >
> > final SchemeRegistry schemeRegistry =
> >         client.getConnectionManager().getSchemeRegistry();
> > schemeRegistry.register(https);
> >
> > HttpGet get =
> >         new HttpGet("https://tradingpartners.comcast.com/PortOut/");
> > client.execute(get);
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
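
Added example, not part of the thread and not HttpClient code: a plain JSSE probe that applies the retry-with-another-protocol-version idea from the reply above to find out which version a server accepts, while leaving certificate and host name checks on. The class name `ProtocolProbe`, the candidate list and its order, and the command-line host argument are assumptions of this example.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ProtocolProbe {
    // Assumed candidate order for this example: newest version first.
    static final String[] CANDIDATES = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};

    /** Returns the first protocol version the server completes a handshake with, or null. */
    static String probe(String host, int port) {
        // Default factory: the JVM trust store validates the certificate chain.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        for (String protocol : CANDIDATES) {
            try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
                if (!Arrays.asList(socket.getSupportedProtocols()).contains(protocol)) {
                    System.out.println(protocol + ": not available in this JVM, skipped");
                    continue;
                }
                SSLParameters params = socket.getSSLParameters();
                params.setProtocols(new String[] {protocol});       // offer exactly one version
                params.setEndpointIdentificationAlgorithm("HTTPS"); // match host name to certificate
                socket.setSSLParameters(params);
                socket.setSoTimeout(10_000);
                socket.startHandshake();
                return socket.getSession().getProtocol();
            } catch (IOException e) {
                // SSLException (bad_record_mac, handshake_failure, untrusted chain) extends IOException.
                System.out.println(protocol + ": " + e);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java ProtocolProbe <host> [port]");
            return;
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        String negotiated = probe(args[0], port);
        System.out.println(negotiated == null ? "no listed version worked" : "negotiated " + negotiated);
    }
}
```

A certificate or host name error fails at every version with the same message, which separates a trust problem from a protocol-version problem.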
