aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0

Unable to execute HTTP request: Unrecognized SSL message, plaintext connection #5322

Open facuqubika opened 3 months ago

facuqubika commented 3 months ago

Describe the bug

I'm trying to set a proxy for the S3Client with the following code:

ProxyConfiguration.Builder apacheProxyConfiguration = ProxyConfiguration.builder();
apacheProxyConfiguration.useSystemPropertyValues(true);
String host = HTTPS + proxyUrl;
apacheProxyConfiguration.endpoint(URI.create(host + ":" + proxyPort));
S3Client.builder()
            .region(Region.of(US_EAST_1))
            .credentialsProvider(() -> basicCredentials)
            .httpClient(ApacheHttpClient
                    .builder()
                    .proxyConfiguration(apacheProxyConfiguration
                            .build())
                    .build())
            .build();

But when I try to execute a getObject using the proxy, I get the following error: "Unable to execute HTTP request: Unrecognized SSL message, plaintext connection". It looks like it's executing an HTTP request instead of an HTTPS request to the proxy, so it gets rejected. What could be the reason behind this problem?

Expected Behavior

Use the proxy with HTTPS protocol

Current Behavior

Reaching proxy with HTTP protocol

Reproduction Steps

Code:

ProxyConfiguration.Builder apacheProxyConfiguration = ProxyConfiguration.builder();
apacheProxyConfiguration.useSystemPropertyValues(true);
String host = HTTPS + proxyUrl;
apacheProxyConfiguration.endpoint(URI.create(host + ":" + proxyPort));
S3Client.builder()
            .region(Region.of(US_EAST_1))
            .credentialsProvider(() -> basicCredentials)
            .httpClient(ApacheHttpClient
                    .builder()
                    .proxyConfiguration(apacheProxyConfiguration
                            .build())
                    .build())
            .build();

S3Client:

amazonS3.getObject(
              GetObjectRequest.builder().bucket(bucket).key(key).build());

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.25.47

JDK version used

8

Operating System and version

Mac

debora-ito commented 3 months ago

> It looks like it's executing an HTTP request instead of an HTTPS request to the proxy so it gets rejected.

Do you have the request logs or the SSL logs to confirm this? Also, I see you are enabling useSystemPropertyValues, which proxy attributes are you setting via system property?

facuqubika commented 3 months ago

Yes, I have the logs:

"software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Unrecognized SSL message, plaintext connection?\n\tat software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)\n\tat software.amazon.awssdk.core.exception.SdkClientException.create(SdkClientException.java:47)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.utils.RetryableStageHelper.setLastException(RetryableStageHelper.java:223)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:83)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:36)\n\tat software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:56)\n\tat software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:36)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:80)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:60)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:42)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:50)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:32)\n\tat software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat 
software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37)\n\tat software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:26)\n\tat software.amazon.awssdk.core.internal.http.AmazonSyncHttpClient$RequestExecutionBuilderImpl.execute(AmazonSyncHttpClient.java:224)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.invoke(BaseSyncClientHandler.java:103)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.doExecute(BaseSyncClientHandler.java:173)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$0(BaseSyncClientHandler.java:66)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)\n\tat software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:60)\n\tat software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:52)\n\tat software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:60)\n\tat software.amazon.awssdk.services.s3.DefaultS3Client.getObject(DefaultS3Client.java:5203)\n\tat software.amazon.awssdk.services.s3.S3Client.getObject(S3Client.java:9063)\n\tat 

I have no system properties affecting the behaviour. I did the same test with that property disabled and had the same error.

debora-ito commented 3 months ago

Yeah unfortunately that stacktrace doesn't show specifically which endpoint the SDK tried to reach, I was hoping to catch this info in the logs. SSL handshake logs will also show this info.

A quick internet search also showed a StackOverflow answer saying that you might be trying to connect to an HTTP server, not HTTPS. Meaning, it can be the other way around.
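The question raised above, whether the listener being reached speaks TLS or plain HTTP, can be checked without the SDK. This is an added example, not part of the thread or of the SDK: it sends a plaintext CONNECT and classifies the first reply bytes. The class name, the loopback listener and `example.invalid:443` are constructed for the demonstration.

```java
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;

public class ProxyListenerProbe {

    // Classify a listener from the first bytes of its reply to a plaintext request.
    static String classify(byte[] buf, int n) {
        if (n <= 0) return "no-reply";
        if (n >= 5 && new String(buf, 0, 5, StandardCharsets.US_ASCII).equals("HTTP/")) {
            return "plaintext-http";
        }
        // TLS record header: type 0x15 (alert) or 0x16 (handshake), then major version 0x03.
        if (n >= 2 && (buf[0] == 0x15 || buf[0] == 0x16) && buf[1] == 0x03) return "tls";
        return "unknown";
    }

    // Send a plaintext CONNECT to host:port and classify what comes back.
    static String probe(String host, int port, String target) throws Exception {
        try (Socket s = new Socket(host, port)) {
            s.setSoTimeout(3000);
            String req = "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
            s.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII));
            byte[] buf = new byte[16];
            int n = 0, r;
            try {
                while (n < 5 && (r = s.getInputStream().read(buf, n, buf.length - n)) > 0) n += r;
            } catch (SocketTimeoutException e) {
                // No reply within the timeout: classify whatever was read so far.
            }
            return classify(buf, n);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a proxy that listens in plain HTTP (loopback, ephemeral port).
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread proxy = new Thread(() -> {
                try (Socket c = server.accept()) {
                    c.getInputStream().read(new byte[512]);
                    c.getOutputStream().write(
                        "HTTP/1.1 200 Connection established\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                } catch (Exception ignored) { }
            });
            proxy.start();
            System.out.println(probe("127.0.0.1", server.getLocalPort(), "example.invalid:443"));
            proxy.join();
        }
    }
}
```

Pointed at a real proxy host and port, a `plaintext-http` result means a client that opens that listener with a TLS handshake will get a plaintext reply back.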

facuqubika commented 3 months ago

This isn't an HTTP connect problem because I was able to connect to the proxy with the V1 AWS SDK. When updating to AWS V2 I get this error, so the proxy is correctly configured.

facuqubika commented 3 months ago

This is how we did it with the V1 SDK and it worked:

config.setProtocol(Protocol.HTTPS);
config.setProxyHost(proxyUrl);
config.setProxyPort(Integer.valueOf(proxyPort));

facuqubika commented 2 months ago

@debora-ito is there anything that we can do?