java.net.SocketException

tip

It's possible you're trying to write to a connection that's already closed. Another cause for this is that you closed the socket with unread data in the socket receive buffer.


rafaelrafael
tip

This might be caused by unmatching versions of SSL. Java starts normally with SSLv2 and your server might not be able to negotiate. You have to force Java to use SSLv3. See this comment: https://goo.gl/hx0YB3


rafaelrafael

You have a different solution? A short tip here would help you and many other users who saw this issue last week.

  • GitHub comment 58#69433085
    via GitHub by MoltenDM
    ,
  • Bug reported at http://mail.openjdk.java.net/pipermail/security-dev/2016-February/013387.html ---------------------------------------------------------- Hi, while supporting an app development team, I'm facing a tough TLS issue - maybe you experts have an idea. They try to open an HTTPS connection to the server URL https://nfe-homologacao.sefazrs.rs.gov.br:443/ws/NfeAutorizacao/NFeAutorizacao.asmx. This is a Web Service of some Brazilian financial authority. So, what I'm basically doing is this: --code snippet-- URL url = new URL("https://nfe-homologacao.sefazrs.rs.gov.br:443/ws/NfeAutorizacao/NFeAutorizacao.asmx"); HttpsURLConnection con = (HttpsURLConnection)url.openConnection(); con.setHostnameVerifier(new DefaultHostnameVerifier()); // optional default is GET con.setRequestMethod("GET"); System.out.println("Sending 'GET' request to URL: " + url); int responseCode = con.getResponseCode(); System.out.println("Response Code: " + responseCode); --end code snippet- I expect it to return "403 - not authorized". The coding will work with JDK7. However, with JDK8, I get this type of exception: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:170) at java.net.SocketInputStream.read(SocketInputStream.java:141) at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) at sun.security.ssl.InputRecord.read(InputRecord.java:503) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930) at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:704) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:675) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ... I can get it to work in JDK8 by forcing it to TLSv1 only, e.g. by setting property -Djdk.tls.client.protocols=TLSv1. For JDK9 I even get a different exception: javax.net.ssl.SSLException: java.nio.BufferOverflowException at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1948) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1900) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1883) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1809) at sun.security.ssl.AppInputStream.read(AppInputStream.java:173) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:704) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:675) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1534) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:319) at com.sap.cl.HttpsURLConnectionTest.sendGETRequest(HttpsURLConnectionTest.java:42) at com.sap.cl.HttpsURLConnectionTest.main(HttpsURLConnectionTest.java:63) Caused by: java.nio.BufferOverflowException at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:206) at sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:226) at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:178) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1012) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:957) at sun.security.ssl.AppInputStream.read(AppInputStream.java:159) ... 12 more I've debugged a lot today and tried to get something out of the javax.net.debug output but I didn't get any further with this - probably due to my lack of understanding the details of TLS communication and its implementation. I know the server is using some legacy protocol but still I think it should work. Maybe someone has any helpful idea? Is it a bug? You can simply try to run my test code snippet and should see the issue immediately... Thanks Christoph
    via by Xue-Lei Fan,
  • Bug reported at http://mail.openjdk.java.net/pipermail/security-dev/2016-February/013387.html ---------------------------------------------------------- Hi, while supporting an app development team, I'm facing a tough TLS issue - maybe you experts have an idea. They try to open an HTTPS connection to the server URL https://nfe-homologacao.sefazrs.rs.gov.br:443/ws/NfeAutorizacao/NFeAutorizacao.asmx. This is a Web Service of some Brazilian financial authority. So, what I'm basically doing is this: --code snippet-- URL url = new URL("https://nfe-homologacao.sefazrs.rs.gov.br:443/ws/NfeAutorizacao/NFeAutorizacao.asmx"); HttpsURLConnection con = (HttpsURLConnection)url.openConnection(); con.setHostnameVerifier(new DefaultHostnameVerifier()); // optional default is GET con.setRequestMethod("GET"); System.out.println("Sending 'GET' request to URL: " + url); int responseCode = con.getResponseCode(); System.out.println("Response Code: " + responseCode); --end code snippet- I expect it to return "403 - not authorized". The coding will work with JDK7. However, with JDK8, I get this type of exception: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:170) at java.net.SocketInputStream.read(SocketInputStream.java:141) at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) at sun.security.ssl.InputRecord.read(InputRecord.java:503) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930) at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:704) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:675) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ... I can get it to work in JDK8 by forcing it to TLSv1 only, e.g. by setting property -Djdk.tls.client.protocols=TLSv1. For JDK9 I even get a different exception: javax.net.ssl.SSLException: java.nio.BufferOverflowException at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1948) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1900) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1883) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1809) at sun.security.ssl.AppInputStream.read(AppInputStream.java:173) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:704) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:675) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1534) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:319) at com.sap.cl.HttpsURLConnectionTest.sendGETRequest(HttpsURLConnectionTest.java:42) at com.sap.cl.HttpsURLConnectionTest.main(HttpsURLConnectionTest.java:63) Caused by: java.nio.BufferOverflowException at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:206) at sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:226) at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:178) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1012) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:957) at sun.security.ssl.AppInputStream.read(AppInputStream.java:159) ... 12 more I've debugged a lot today and tried to get something out of the javax.net.debug output but I didn't get any further with this - probably due to my lack of understanding the details of TLS communication and its implementation. I know the server is using some legacy protocol but still I think it should work. Maybe someone has any helpful idea? Is it a bug? You can simply try to run my test code snippet and should see the issue immediately... Thanks Christoph
    via by Xue-Lei Fan,
    • java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:209)[?:1.8.0_91] at java.net.SocketInputStream.read(SocketInputStream.java:141)[?:1.8.0_91] at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)[?:1.8.0_91] at sun.security.ssl.InputRecord.read(InputRecord.java:503)[?:1.8.0_91] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)[?:1.8.0_91] at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)[?:1.8.0_91] at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)[?:1.8.0_91] at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)[?:1.8.0_91] at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)[?:1.8.0_91] at java.io.BufferedInputStream.read(BufferedInputStream.java:345)[?:1.8.0_91] at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:704)[?:1.8.0_91] at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647)[?:1.8.0_91] at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:675)[?:1.8.0_91] at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536)[?:1.8.0_91] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)[?:1.8.0_91] at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)[?:1.8.0_91] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)[?:1.8.0_91] at com.paypal.core.HttpConnection.execute(HttpConnection.java:77)[paypal-core-1.4.4.jar:?]

    Users with the same issue

    Unknown visitor
    Unknown visitor1 times, last one,
    Unknown visitor
    Unknown visitor1 times, last one,
    Unknown visitor
    Unknown visitor1 times, last one,
    Unknown visitor
    Unknown visitor1 times, last one,
    Unknown visitor
    Unknown visitor1 times, last one,
    263 more bugmates