aws-sdk-java-v2

Unable to execute HTTP request: Unrecognized SSL message, plaintext connection

Open facuqubika opened this issue 1 year ago • 5 comments

Describe the bug

I'm trying to set a proxy for the S3Client with the following code:

ProxyConfiguration.Builder apacheProxyConfiguration = ProxyConfiguration.builder();
apacheProxyConfiguration.useSystemPropertyValues(true);
String host = HTTPS + proxyUrl;
apacheProxyConfiguration.endpoint(URI.create(host + ":" + proxyPort));
S3Client.builder()
            .region(Region.of(US_EAST_1))
            .credentialsProvider(() -> basicCredentials)
            .httpClient(ApacheHttpClient
                    .builder()
                    .proxyConfiguration(apacheProxyConfiguration
                            .build())
                    .build())
            .build();

But when I try to execute a getObject using the proxy, I get the following error: Unable to execute HTTP request: Unrecognized SSL message, plaintext connection

It looks like it's executing an HTTP request instead of an HTTPS request to the proxy so it gets rejected. What could be the reason behind this problem?

Expected Behavior

Use the proxy with HTTPS protocol

Current Behavior

Reaching proxy with HTTP protocol

Reproduction Steps

Code:

ProxyConfiguration.Builder apacheProxyConfiguration = ProxyConfiguration.builder();
apacheProxyConfiguration.useSystemPropertyValues(true);
String host = HTTPS + proxyUrl;
apacheProxyConfiguration.endpoint(URI.create(host + ":" + proxyPort));
S3Client.builder()
            .region(Region.of(US_EAST_1))
            .credentialsProvider(() -> basicCredentials)
            .httpClient(ApacheHttpClient
                    .builder()
                    .proxyConfiguration(apacheProxyConfiguration
                            .build())
                    .build())
            .build();

S3Client:

amazonS3.getObject(
              GetObjectRequest.builder().bucket(bucket).key(key).build());

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.25.47

JDK version used

8

Operating System and version

Mac

facuqubika, Jun 21 '24 17:06

> It looks like it's executing an HTTP request instead of an HTTPS request to the proxy so it gets rejected.

Do you have the request logs or the SSL logs to confirm this? Also, I see you are enabling useSystemPropertyValues; which proxy attributes are you setting via system property?

debora-ito, Jun 24 '24 18:06

Yes, I have the logs:

"software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Unrecognized SSL message, plaintext connection?\n\tat software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)\n\tat software.amazon.awssdk.core.exception.SdkClientException.create(SdkClientException.java:47)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.utils.RetryableStageHelper.setLastException(RetryableStageHelper.java:223)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:83)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:36)\n\tat software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:56)\n\tat software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:36)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:80)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:60)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:42)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:50)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:32)\n\tat software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat 
software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:26)\n\tat software.amazon.awssdk.core.internal.http.AmazonSyncHttpClient$RequestExecutionBuilderImpl.execute(AmazonSyncHttpClient.java:224)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.invoke(BaseSyncClientHandler.java:103)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.doExecute(BaseSyncClientHandler.java:173)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$0(BaseSyncClientHandler.java:66)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:60)\n\tat software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:52)\n\tat software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:60)\n\tat software.amazon.awssdk.services.s3.DefaultS3Client.getObject(DefaultS3Client.java:5203)\n\tat software.amazon.awssdk.services.s3.S3Client.getObject(S3Client.java:9063)\n\tat 

I have no system properties affecting the behaviour. I did the same test with that property disabled and had the same error.

facuqubika, Jun 24 '24 18:06

Yeah, unfortunately that stacktrace doesn't show specifically which endpoint the SDK tried to reach; I was hoping to catch this info in the logs. SSL handshake logs will also show this info.

A quick internet search also showed a StackOverflow answer saying that you might be trying to connect to an HTTP server, not HTTPS. Meaning, it can be the other way around.

debora-ito, Jun 24 '24 23:06
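
One way to check which protocol a proxy port itself expects, independent of the SDK (an added example, not code from this thread or from the AWS SDK): send a plaintext CONNECT and classify the first bytes of the reply. The class name, the `probe` helper and the local stub proxy are constructed for illustration, and the stub makes the program run offline.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

// Added example, not SDK code: plaintext CONNECT probe for a proxy port.
public class ProxySchemeProbe {
    static String probe(String host, int port, String target) throws IOException {
        try (Socket s = new Socket(host, port)) {
            s.setSoTimeout(3000);
            String req = "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
            s.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII));
            InputStream in = s.getInputStream();
            byte[] buf = new byte[64];
            int n = 0;
            try {
                int r;
                while (n < 5 && (r = in.read(buf, n, buf.length - n)) > 0) n += r;
            } catch (IOException e) {
                // Timeout or reset: classify whatever arrived before it.
            }
            if (n == 0) return "NO_REPLY: peer stayed silent or closed the connection";
            String head = new String(buf, 0, n, StandardCharsets.ISO_8859_1);
            if (head.startsWith("HTTP/")) {
                // A plain HTTP proxy answers CONNECT itself (200, 403, 407, ...);
                // a 400 can also come from a TLS port rejecting plaintext.
                return "PLAINTEXT_HTTP: " + head.split("\r\n", 2)[0];
            }
            // 0x15 = TLS alert record, 0x16 = TLS handshake record.
            if (buf[0] == 0x15 || buf[0] == 0x16) return "TLS: port expects a TLS handshake";
            return "UNKNOWN";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a proxy that only speaks plaintext HTTP.
        byte[] reply = "HTTP/1.1 200 Connection established\r\n\r\n"
                .getBytes(StandardCharsets.US_ASCII);
        try (ServerSocket stub = new ServerSocket(0)) {
            new Thread(() -> {
                try (Socket c = stub.accept()) {
                    c.getInputStream().read(new byte[512]); // consume the CONNECT request
                    c.getOutputStream().write(reply);
                } catch (IOException ignored) { }
            }).start();
            // Constructed target; only sent as text to the local stub.
            System.out.println(probe("127.0.0.1", stub.getLocalPort(), "s3.us-east-1.amazonaws.com:443"));
        }
    }
}
```

Against the stub this prints `PLAINTEXT_HTTP: HTTP/1.1 200 Connection established`; pointing `probe` at the real proxy host and port shows whether that port answers plaintext HTTP or expects TLS.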

This isn't an HTTP connect problem because I was able to connect to the proxy with the V1 AWS SDK. When updating to AWS V2 I get this error, so the proxy is correctly configured.

facuqubika, Jun 25 '24 14:06

This is how we did it with the V1 SDK, and it worked:

config.setProtocol(Protocol.HTTPS);
config.setProxyHost(proxyUrl);
config.setProxyPort(Integer.valueOf(proxyPort));

facuqubika, Jun 25 '24 14:06

@debora-ito is there anything that we can do?

facuqubika, Jul 08 '24 14:07