Unrecognized SSL message, plaintext connection? Exception

I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)

I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?

> I think this is due to the connection > established with the client machine is > not secure.

It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection

 props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true

I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.

I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.

Adding this as an answer as it might help someone later.

I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument -Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.

I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.

You can find it in the following: Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.

i solved my problem using port 25 and Following prop

mailSender.javaMailProperties.putAll([                "mail.smtp.auth": "true",                "mail.smtp.starttls.enable": "false",                "mail.smtp.ssl.enable": "false",                "mail.smtp.socketFactory.fallback": "true",        ]);

If you are running local using spring i'd suggest use:

@Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
    return AmazonDynamoDBClientBuilder.standard()
            .withCredentials(
                    new AWSStaticCredentialsProvider(
                            new BasicAWSCredentials("fake", "credencial")
                    )
            )
            .withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
            .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
            .build();
}

It works for me using unit test.

Hope it's help!

As EJP said, it's a message shown because of a call to a non-https protocol. If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list

It worked for me now, I have change the setting of my google account as below:

        System.out.println("Start");
  		final String username = "[email protected]";
		final String password = "************";

		Properties props = new Properties();
		props.put("mail.smtp.auth", "true");
		props.put("mail.smtp.host", "smtp.gmail.com");
		props.put("mail.smtp.port", "465");
		props.put("mail.transport.protocol", "smtp");
		props.put("mail.smtp.starttls.enable", "true");
		props.put("mail.smtp.starttls.enable", "true");
		props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");

		 Session session = Session.getInstance(props,
	              new javax.mail.Authenticator() {
	                protected PasswordAuthentication getPasswordAuthentication() {
	                    return new PasswordAuthentication(username, password);
	                }
	              });
        
      
        try {
        	Transport transport=session.getTransport();
            Message message = new MimeMessage(session);
            message.setFrom(new InternetAddress("[email protected]"));//formBean.getString("fromEmail")
            message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("[email protected]"));
            message.setSubject("subject");//formBean.getString(
            message.setText("mailBody");
            transport.connect();
            transport.send(message, InternetAddress.parse("[email protected]"));//(message);

            System.out.println("Done");

        } catch (MessagingException e) {
            System.out.println("e="+e);
            e.printStackTrace();
        	throw new RuntimeException(e);
            
        }

Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link. And done 2 following steps and setting control in google. :

• Disable the 2-step verification (password and OTP)

• Enabling to allow to access less secure app(Allow less secure apps: ON.)

Now I am able to send mail using above program.

if connection is FTPS test:

FTPSClient ftpClient = new FTPSClient(protocol, false);

protocol = TLS,SSL and false = isImplicit.

In case you are running

• Cisco AnyConnect Secure Mobility Agent
• Cisco AnyConnect Web Security Agent

try stopping the service(s).

Not sure why I got a down vote for this answer. In our corporate network this IS the solution to the issue.

I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.

System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);

along with "proxyHost" and "proxyPort"

System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);

Hope it will work.

I was facing this exception when using Gmail.

In order to use Gmail I had to turn ON "Allow less secure apps".

This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.

I've got similar error using camel-mail component to send e-mails by gmail smtp.

The solution was changing from TLS port (587) to SSL port (465) as below:

<route id="sendMail">
  <from uri="jason:toEmail"/>
  <convertBodyTo type="java.lang.String"/>
  <setHeader headerName="Subject"><constant>Something</constant></setHeader>
  <to uri="smtps://smtp.gmail.com:[email protected]&amp;password=mypw&amp;[email protected]&amp;debugMode=true&amp;mail.smtp.starttls.enable=true"/>
</route>

If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:

-Dhttps.protocols="TLSv1"

HERE A VERY IMPORTANT ANSWER:

You just change your API URL String (in your method) from https to http.. This could also be the cause:

client.resource("http://192.168.0.100:8023/jaxrs/tester/tester");

instead of

client.resource("https://192.168.0.100:8023/jaxrs/tester/tester");

Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.

Another reason is maybe "access denided", maybe you can't access to the URI and received blocking response page for internal network access. If you are not sure your application zone need firewall rule, you try to connect from terminal,command line. For GNU/Linux or Unix, you can try run like this command and see result is coming from blocking rule or really remote address: echo | nc -v yazilimcity.net 443