New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https handshakeFailure with CIO HttpClient #439
Comments
Related to this? #394 |
Actually I can't tell, if it is the same. Exception is different, and in the linked issue they are talking about a certificate problem, which it doesn't seem to be, because it doesn't even get to the TrustManager (i've tested) |
To give you a reproducible example:
Pay attention - other websites like "https://google.com" or "https://facebook.com" have no TLS Problem. They work fine and deliver a status 301 |
And if change the url to "https://www.elster.de" the exception is slightly different:
|
Hi, @henry1986. Thanks for the report. It look's like the problem that had been already fixed, and the fix will appear in next alpha release. Just to make sure, could you provide |
Unfortunately "https://elster.de" use Consider using |
Using Apache is not really an option, because we want to use websockets ;) Actually, elster.de was just an example, we use different websites and I have looked with chrome, what the cipher suite is:
Is this currently not supported, too? Or can I make a build with the master branch and use that? EDIT: I'm using the newest java, java 10:
|
Yep, cipher suite |
Fixed in |
The Ktor HTTP client throws a fatal TLSException HandshakeFailure when connecting to the repository. Curiously this doesn't occur in our staging environment, but can easily be reproduced locally. The issue seems to find root in the CIO Ktor client's cipher support suite as indicated by issues with the same error such as [1]. Supposedly this issue was resolved, but others such as [2] indicate the issue is still present despite it being closed upstream. Without useful error information from the stack trace, the best option seems to be switching to another well-supported client engine such as Apache5. As a bonus, Apache5 also has HTTP/2 enabled by default. [1]: ktorio/ktor#439 [2]: oliver-charlesworth/craft-watch#198
I want to implement a HttpClient, that connects via https for a websocket communication.
Currently only the CIO HttpClient supports websockets, but it seems to have an issue with https.
When using Apache HttpClient, a
client.call("ip")
works fine, but with CIO Client it throws
Same happens on client.wss(...)
Is there a difference between the implementation of the TLS Handshake of the Apache HttpClient and the CIO client? And if so, why? If I look in the code, TLS Handling seems to be independent of Apache Client and CIO Client, but maybe I have overseen something. I would appreciate some help.
The text was updated successfully, but these errors were encountered: