AHC 1.9 throw handshake error at second time request #891

Closed
ghost opened this issue May 21, 2015 · 7 comments

@ghost

ghost commented May 21, 2015

I found an SSL server where the first request is OK, but the second request gets a handshake error when using AHC 1.9. However, AHC 1.8 has no error at any time.

I think some SSL config of the server causes this problem. But the server is in a private network, so I cannot share the URL. And sorry, I could not find websites that cause the same problem.

This issue is similar to #828 (Is it solved?)

  • Example

    import com.ning.http.client.AsyncHttpClient;
    import com.ning.http.client.AsyncHttpClientConfig;
    
    AsyncHttpClientConfig.Builder builder = new AsyncHttpClientConfig.Builder();
    // Test-only setting: disables certificate validation.
    builder.setAcceptAnyCertificate(true);
    // Whether these are set or not, the result is the same.
    builder.setAllowPoolingConnections(false);
    builder.setAllowPoolingSslConnections(false);
    
    AsyncHttpClient client = new AsyncHttpClient(builder.build());
    
    // No problem for most servers.
    client.prepareGet("https://www.google.com/").execute().get();
    client.prepareGet("https://www.google.com/").execute().get();
    
    // First request: 1.8.16 and 1.9.24 are both OK.
    client.prepareGet("https://the-host-that-cause-problem-if-ahc-1.9/").execute().get();
    // TODO Second request: 1.8.16 is OK, but 1.9.24 causes the exception below.
    client.prepareGet("https://the-host-that-cause-problem-if-ahc-1.9/").execute().get();
  • Log (AHC 1.9.24)

    2015-05-21 10:29:55.607 DEBUG   [ I/O worker #10] --- c.n.h.c.p.n.r.NettyConnectListener       : Using non-cached Channel [id: 0x0dddfa66, /192.168.0.7:53712 => the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443] for GET '/'
    2015-05-21 10:29:55.691 DEBUG   [ I/O worker #10] --- c.n.h.c.p.netty.handler.HttpProtocol     : 
    
    Request DefaultHttpRequest(chunked: false)
    GET / HTTP/1.1
    Connection: close
    Host: the-host-that-cause-problem-if-ahc-1.9
    Accept: * / *
    User-Agent: AHC/1.0
    
    Response DefaultHttpResponse(chunked: false)
    HTTP/1.1 404 Not Found
    Date: Thu, 22 May 2015 01:29:54 GMT
    Content-Type: text/html;charset=UTF-8
    Content-Length: 49
    Cache-Control: no-cache,no-store
    Pragma: no-cache
    Expires: -1
    X-Frame-Options: SAMEORIGIN
    Connection: close
    
    2015-05-21 10:29:56.006 DEBUG   [ I/O worker #10] --- c.n.h.c.p.netty.channel.ChannelManager   : Closing Channel [id: 0x0dddfa66, /192.168.0.7:53712 => the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443] 
    2015-05-21 10:29:56.006 DEBUG   [ I/O worker #10] --- c.n.h.c.p.netty.handler.Processor        : Channel Closed: [id: 0x0dddfa66, /192.168.0.7:53712 :> the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443] with attribute INSTANCE
    2015-05-21 10:30:06.102 DEBUG   [ wheel timer #3] --- c.n.h.c.p.n.r.NettyConnectListener       : Trying to recover from failing to connect channel [id: 0xe9f118cf, /192.168.0.7:53713 => the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443] with a retry value of true 
    2015-05-21 10:30:06.104 DEBUG   [ wheel timer #3] --- c.n.h.c.p.n.r.NettyConnectListener       : Failed to recover from connect exception: javax.net.ssl.SSLException: Handshake did not complete within 10000ms with channel [id: 0xe9f118cf, /192.168.0.7:53713 => the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443]
    2015-05-21 10:30:06.105 DEBUG   [ wheel timer #3] --- c.n.h.client.AsyncCompletionHandlerBase  : Handshake did not complete within 10000ms
    
    java.net.ConnectException: Handshake did not complete within 10000ms
        at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:131)
        at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37)
        at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:104)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395)
        at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362)
        at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1460)
        at org.jboss.netty.handler.ssl.SslHandler.access$200(SslHandler.java:180)
        at org.jboss.netty.handler.ssl.SslHandler$1.run(SslHandler.java:372)
        at org.jboss.netty.util.HashedWheelTimer$HashedWheelTimeout.expire(HashedWheelTimer.java:556)
        at org.jboss.netty.util.HashedWheelTimer$HashedWheelBucket.expireTimeouts(HashedWheelTimer.java:632)
        at org.jboss.netty.util.HashedWheelTimer$Worker.run(HashedWheelTimer.java:369)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLException: Handshake did not complete within 10000ms
        ... 6 common frames omitted
    
    2015-05-21 10:30:06.105 DEBUG   [ I/O worker #11] --- c.n.h.c.p.netty.handler.Processor        : Channel Closed: [id: 0xe9f118cf, /192.168.0.7:53713 :> the-host-that-cause-problem-if-ahc-1.9/XXX.XXX.XXX.XXX:443] with attribute null
@slandelle
Contributor

The main difference regarding SSL between AHC 1.8 and 1.9 is that 1.9 used a custom very insecure implementation for dealing with certificate hostname validation, while 1.9 uses the standard Java way that was introduced in Java 7: http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm(java.lang.String)

Without a reproducer, there's nothing I can do.
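
The standard JDK mechanism linked in the comment above, shown as an added example (not AHC's code and not part of the thread). The class name, method names and host are hypothetical; only `javax.net.ssl` calls are used.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added illustration; class and method names are hypothetical, not AHC code.
public class EndpointIdentificationExample {

    // Client-mode engine that asks the JDK to match the server certificate
    // against peerHost during the TLS handshake.
    static SSLEngine verifyingEngine(SSLContext ctx, String peerHost, int peerPort) {
        // The (host, port) overload tells the engine which name to check.
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        // "HTTPS" selects RFC 2818 host name matching.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Audit helper: true only if the engine will verify the peer host name.
    static boolean verifiesHostname(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "service.example.test"; // constructed placeholder host

        // A freshly created engine has no endpoint identification algorithm,
        // so a trusted certificate issued for any other name would be accepted.
        SSLEngine plain = ctx.createSSLEngine(host, 443);
        plain.setUseClientMode(true);
        System.out.println("default engine verifies host name: " + verifiesHostname(plain));

        SSLEngine checked = verifyingEngine(ctx, host, 443);
        System.out.println("configured engine verifies host name: " + verifiesHostname(checked));
    }
}
```

The helper can be used in a unit test to assert that every engine a client builds has host name verification switched on.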

@ghost
Author

ghost commented May 21, 2015

Thank you for the reply.

That's right. I'll find a reproducer or cause and post new issue.

Sorry for taking time.

@slandelle
Contributor

Sorry I can't do more, but AHC works fine for me, both for proper certificates, and self signed ones.

@slandelle
Contributor

Can't reproduce. Closing until user provides a reproducer.

@jagte

jagte commented Sep 11, 2015

I am having the same issue. I posted a response here: https://groups.google.com/forum/#!topic/gatling/QEMYnZsVI-k

@ghost
Author

ghost commented Dec 1, 2015

I tried AHC 2.0-RC1, and the handshake error did not appear on the second request.

Thank you.

@slandelle
Contributor

Great. Thanks for your feedback.

jeffpeiyt referenced this issue in fabiolb/fabio Feb 5, 2017
Add a shell script to generate a self-signed CA certificate and
signed server and client auth certificates to test the behavior
with these certs and a fabio cert store.