Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?











up vote
0
down vote

favorite












Consider the following code for a non-SSL Socket server and client all on the one thread:



import java.io.DataInputStream;

import java.io.IOException;

import java.io.OutputStream;

import java.net.ServerSocket;

import java.net.Socket;



public class ServerClient {

    public static void main(String args) throws IOException {

        ServerSocket ss = new ServerSocket(0); // open a random free port.



        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());



        Socket s = ss.accept();



        final byte bytes = "Hello World!".getBytes();

        final OutputStream out = c.getOutputStream();

        System.out.println("writing to stream");

        out.write(bytes.length);

        out.write(bytes);



        System.out.println("reading from stream");



        final DataInputStream in = new DataInputStream(s.getInputStream());

        int len = in.read();

        final byte b = new byte[len];

        in.readFully(b);

        System.out.println(new String(b));



        c.close();

        ss.close();

    }

}


This produces the following output:



writing to stream

reading from stream

Hello World!


This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



Consider a version to a prove a point with SSL Sockets:



import javax.net.ssl.SSLServerSocket;

import javax.net.ssl.SSLServerSocketFactory;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import java.io.DataInputStream;

import java.io.IOException;

import java.io.OutputStream;

import java.net.Socket;

import java.util.logging.Logger;



public class SSLServerClient {



    private static Logger log = Logger.getLogger("InfoLogging");



    public static void main(String args) throws IOException {



        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");

        System.setProperty("javax.net.ssl.keyStorePassword", "password");



        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();



        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);

        log.info("Server started");



        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),

                serverListeningSSLSocket.getLocalPort());



        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();

        log.info("new client");



        final byte bytes = "Hello World!".getBytes();

        final OutputStream out = clientSocket.getOutputStream();

        System.out.println("writing to stream");

        out.write(bytes.length);

        out.write(bytes);



        System.out.println("reading from stream");



        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());

        int len = in.read();

        final byte b = new byte[len];

        in.readFully(b);

        System.out.println(new String(b));



        clientSocket.close();

        serverCommsSSLSocket.close();

        serverListeningSSLSocket.close();

    }

}


This gives the following output:



Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started

Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client

writing to stream


ie it blocks on the server socket starting.



My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






java sockets ssl sslsocketfactory







share|improve this question




























    up vote
    0
    down vote

    favorite












    Consider the following code for a non-SSL Socket server and client all on the one thread:



    import java.io.DataInputStream;
    
import java.io.IOException;
    
import java.io.OutputStream;
    
import java.net.ServerSocket;
    
import java.net.Socket;
    

    
public class ServerClient {
    
    public static void main(String args) throws IOException {
    
        ServerSocket ss = new ServerSocket(0); // open a random free port.
    

    
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
    

    
        Socket s = ss.accept();
    

    
        final byte bytes = "Hello World!".getBytes();
    
        final OutputStream out = c.getOutputStream();
    
        System.out.println("writing to stream");
    
        out.write(bytes.length);
    
        out.write(bytes);
    

    
        System.out.println("reading from stream");
    

    
        final DataInputStream in = new DataInputStream(s.getInputStream());
    
        int len = in.read();
    
        final byte b = new byte[len];
    
        in.readFully(b);
    
        System.out.println(new String(b));
    

    
        c.close();
    
        ss.close();
    
    }
    
}


    This produces the following output:



    writing to stream
    
reading from stream
    
Hello World!


    This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



    Consider a version to a prove a point with SSL Sockets:



    import javax.net.ssl.SSLServerSocket;
    
import javax.net.ssl.SSLServerSocketFactory;
    
import javax.net.ssl.SSLSocket;
    
import javax.net.ssl.SSLSocketFactory;
    
import java.io.DataInputStream;
    
import java.io.IOException;
    
import java.io.OutputStream;
    
import java.net.Socket;
    
import java.util.logging.Logger;
    

    
public class SSLServerClient {
    

    
    private static Logger log = Logger.getLogger("InfoLogging");
    

    
    public static void main(String args) throws IOException {
    

    
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
    
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
    

    
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    

    
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
    
        log.info("Server started");
    

    
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
    
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
    
                serverListeningSSLSocket.getLocalPort());
    

    
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
    
        log.info("new client");
    

    
        final byte bytes = "Hello World!".getBytes();
    
        final OutputStream out = clientSocket.getOutputStream();
    
        System.out.println("writing to stream");
    
        out.write(bytes.length);
    
        out.write(bytes);
    

    
        System.out.println("reading from stream");
    

    
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
    
        int len = in.read();
    
        final byte b = new byte[len];
    
        in.readFully(b);
    
        System.out.println(new String(b));
    

    
        clientSocket.close();
    
        serverCommsSSLSocket.close();
    
        serverListeningSSLSocket.close();
    
    }
    
}


    This gives the following output:



    Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
    
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
    
writing to stream


    ie it blocks on the server socket starting.



    My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






    java sockets ssl sslsocketfactory







    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Consider the following code for a non-SSL Socket server and client all on the one thread:



      import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.ServerSocket;
      
import java.net.Socket;
      

      
public class ServerClient {
      
    public static void main(String args) throws IOException {
      
        ServerSocket ss = new ServerSocket(0); // open a random free port.
      

      
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
      

      
        Socket s = ss.accept();
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = c.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(s.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        c.close();
      
        ss.close();
      
    }
      
}


      This produces the following output:



      writing to stream
      
reading from stream
      
Hello World!


      This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



      Consider a version to a prove a point with SSL Sockets:



      import javax.net.ssl.SSLServerSocket;
      
import javax.net.ssl.SSLServerSocketFactory;
      
import javax.net.ssl.SSLSocket;
      
import javax.net.ssl.SSLSocketFactory;
      
import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.Socket;
      
import java.util.logging.Logger;
      

      
public class SSLServerClient {
      

      
    private static Logger log = Logger.getLogger("InfoLogging");
      

      
    public static void main(String args) throws IOException {
      

      
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
      
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
      

      
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
      

      
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
      
        log.info("Server started");
      

      
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
      
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
      
                serverListeningSSLSocket.getLocalPort());
      

      
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
      
        log.info("new client");
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = clientSocket.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        clientSocket.close();
      
        serverCommsSSLSocket.close();
      
        serverListeningSSLSocket.close();
      
    }
      
}


      This gives the following output:



      Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
      
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
      
writing to stream


      ie it blocks on the server socket starting.



      My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






      java sockets ssl sslsocketfactory







      share|improve this question















      Consider the following code for a non-SSL Socket server and client all on the one thread:



      import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.ServerSocket;
      
import java.net.Socket;
      

      
public class ServerClient {
      
    public static void main(String args) throws IOException {
      
        ServerSocket ss = new ServerSocket(0); // open a random free port.
      

      
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
      

      
        Socket s = ss.accept();
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = c.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(s.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        c.close();
      
        ss.close();
      
    }
      
}


      This produces the following output:



      writing to stream
      
reading from stream
      
Hello World!


      This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



      Consider a version to a prove a point with SSL Sockets:



      import javax.net.ssl.SSLServerSocket;
      
import javax.net.ssl.SSLServerSocketFactory;
      
import javax.net.ssl.SSLSocket;
      
import javax.net.ssl.SSLSocketFactory;
      
import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.Socket;
      
import java.util.logging.Logger;
      

      
public class SSLServerClient {
      

      
    private static Logger log = Logger.getLogger("InfoLogging");
      

      
    public static void main(String args) throws IOException {
      

      
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
      
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
      

      
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
      

      
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
      
        log.info("Server started");
      

      
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
      
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
      
                serverListeningSSLSocket.getLocalPort());
      

      
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
      
        log.info("new client");
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = clientSocket.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        clientSocket.close();
      
        serverCommsSSLSocket.close();
      
        serverListeningSSLSocket.close();
      
    }
      
}


      This gives the following output:



      Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
      
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
      
writing to stream


      ie it blocks on the server socket starting.



      My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






      java sockets ssl sslsocketfactory




      java sockets ssl sslsocketfactory






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 hours ago

























      asked 2 days ago









      hawkeye

      14.3k1798214




      14.3k1798214
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53373183%2fwhy-does-an-ssl-server-socket-connection-block-in-java-whereas-a-non-ssl-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago















          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago













          up vote
          0
          down vote










          up vote
          0
          down vote









          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer












          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 13 hours ago









          immibis

          33.8k43562




          33.8k43562












          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago


















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago
















          Thanks for this comment - it is super helpful. I've updated the question.
          – hawkeye
          2 hours ago




          Thanks for this comment - it is super helpful. I've updated the question.
          – hawkeye
          2 hours ago


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53373183%2fwhy-does-an-ssl-server-socket-connection-block-in-java-whereas-a-non-ssl-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

          Image
          28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
          Read more

          Does disintegrating a polymorphed enemy still kill it after the 2018 errata?

          Image
          up vote 13 down vote favorite 1 After the 2018 errata, the disintegrate spell description now reads: A creature targeted by this spell must make a Dexterity saving throw. On a failed save, the target takes 10d6 + 40 force damage. The target is disintegrated if this damage leaves it with 0 hit points. If you were to polymorph an enemy into a rat and then disintegrate it, would the enemy be disintegrated or would it just return to its original form? I know that for Druids, it’s not an instant kill anymore, but is this the case for polymorph as well? dnd-5e spells polymorph errata share | improve this question edited 18 hours ago
          Read more

          A Topological Invariant for $pi_3(U(n))$

          Image
          3 3 $begingroup$ Recently, I saw a construction of topological invariant for $pi_3(U(n))$ with $ngeq 2$ : $$ N=frac{1}{24pi^2}int_{S^3} d^3x epsilon^{ijk} Tr[(U^{-1}partial_{x_i}U)(U^{-1}partial_{x_j}U)(U^{-1}partial_{x_k}U)] , $$ where $Uin U(n)$ depends on $boldsymbol{x}=(x_1,x_2,x_3)in S^3$ , $epsilon^{ijk}$ is the Levi-Civita symbol, $i,j,k=1,2,3$ , and the duplicated indexes are summed over. It is claimed that $N$ is an integer, but why? Update 02/02/2019 I think I got an argument for $n=2$ . In this case, $U=e^{i varphi} q$ with $qin SU(2)$ . Due to the trace and the Levi-Civita symbol in $N$ , $varphi$ does not contribute to $N$ . As $Tr[q^{dagger}partial_i q]=0$ and $(q^{dagger}partial_i q)^{dagger}=-q^{dagger}partial_i q$ , $q^{dagger}partial_i q$ in geneeral has the form $q^{dagger}partia
          Read more