Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?











up vote
0
down vote

favorite












Consider the following code for a non-SSL Socket server and client all on the one thread:



import java.io.DataInputStream;

import java.io.IOException;

import java.io.OutputStream;

import java.net.ServerSocket;

import java.net.Socket;



public class ServerClient {

    public static void main(String args) throws IOException {

        ServerSocket ss = new ServerSocket(0); // open a random free port.



        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());



        Socket s = ss.accept();



        final byte bytes = "Hello World!".getBytes();

        final OutputStream out = c.getOutputStream();

        System.out.println("writing to stream");

        out.write(bytes.length);

        out.write(bytes);



        System.out.println("reading from stream");



        final DataInputStream in = new DataInputStream(s.getInputStream());

        int len = in.read();

        final byte b = new byte[len];

        in.readFully(b);

        System.out.println(new String(b));



        c.close();

        ss.close();

    }

}


This produces the following output:



writing to stream

reading from stream

Hello World!


This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



Consider a version to a prove a point with SSL Sockets:



import javax.net.ssl.SSLServerSocket;

import javax.net.ssl.SSLServerSocketFactory;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import java.io.DataInputStream;

import java.io.IOException;

import java.io.OutputStream;

import java.net.Socket;

import java.util.logging.Logger;



public class SSLServerClient {



    private static Logger log = Logger.getLogger("InfoLogging");



    public static void main(String args) throws IOException {



        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");

        System.setProperty("javax.net.ssl.keyStorePassword", "password");



        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();



        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);

        log.info("Server started");



        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),

                serverListeningSSLSocket.getLocalPort());



        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();

        log.info("new client");



        final byte bytes = "Hello World!".getBytes();

        final OutputStream out = clientSocket.getOutputStream();

        System.out.println("writing to stream");

        out.write(bytes.length);

        out.write(bytes);



        System.out.println("reading from stream");



        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());

        int len = in.read();

        final byte b = new byte[len];

        in.readFully(b);

        System.out.println(new String(b));



        clientSocket.close();

        serverCommsSSLSocket.close();

        serverListeningSSLSocket.close();

    }

}


This gives the following output:



Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started

Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client

writing to stream


ie it blocks on the server socket starting.



My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






java sockets ssl sslsocketfactory







share|improve this question




























    up vote
    0
    down vote

    favorite












    Consider the following code for a non-SSL Socket server and client all on the one thread:



    import java.io.DataInputStream;
    
import java.io.IOException;
    
import java.io.OutputStream;
    
import java.net.ServerSocket;
    
import java.net.Socket;
    

    
public class ServerClient {
    
    public static void main(String args) throws IOException {
    
        ServerSocket ss = new ServerSocket(0); // open a random free port.
    

    
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
    

    
        Socket s = ss.accept();
    

    
        final byte bytes = "Hello World!".getBytes();
    
        final OutputStream out = c.getOutputStream();
    
        System.out.println("writing to stream");
    
        out.write(bytes.length);
    
        out.write(bytes);
    

    
        System.out.println("reading from stream");
    

    
        final DataInputStream in = new DataInputStream(s.getInputStream());
    
        int len = in.read();
    
        final byte b = new byte[len];
    
        in.readFully(b);
    
        System.out.println(new String(b));
    

    
        c.close();
    
        ss.close();
    
    }
    
}


    This produces the following output:



    writing to stream
    
reading from stream
    
Hello World!


    This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



    Consider a version to a prove a point with SSL Sockets:



    import javax.net.ssl.SSLServerSocket;
    
import javax.net.ssl.SSLServerSocketFactory;
    
import javax.net.ssl.SSLSocket;
    
import javax.net.ssl.SSLSocketFactory;
    
import java.io.DataInputStream;
    
import java.io.IOException;
    
import java.io.OutputStream;
    
import java.net.Socket;
    
import java.util.logging.Logger;
    

    
public class SSLServerClient {
    

    
    private static Logger log = Logger.getLogger("InfoLogging");
    

    
    public static void main(String args) throws IOException {
    

    
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
    
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
    

    
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    

    
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
    
        log.info("Server started");
    

    
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
    
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
    
                serverListeningSSLSocket.getLocalPort());
    

    
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
    
        log.info("new client");
    

    
        final byte bytes = "Hello World!".getBytes();
    
        final OutputStream out = clientSocket.getOutputStream();
    
        System.out.println("writing to stream");
    
        out.write(bytes.length);
    
        out.write(bytes);
    

    
        System.out.println("reading from stream");
    

    
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
    
        int len = in.read();
    
        final byte b = new byte[len];
    
        in.readFully(b);
    
        System.out.println(new String(b));
    

    
        clientSocket.close();
    
        serverCommsSSLSocket.close();
    
        serverListeningSSLSocket.close();
    
    }
    
}


    This gives the following output:



    Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
    
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
    
writing to stream


    ie it blocks on the server socket starting.



    My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






    java sockets ssl sslsocketfactory







    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Consider the following code for a non-SSL Socket server and client all on the one thread:



      import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.ServerSocket;
      
import java.net.Socket;
      

      
public class ServerClient {
      
    public static void main(String args) throws IOException {
      
        ServerSocket ss = new ServerSocket(0); // open a random free port.
      

      
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
      

      
        Socket s = ss.accept();
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = c.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(s.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        c.close();
      
        ss.close();
      
    }
      
}


      This produces the following output:



      writing to stream
      
reading from stream
      
Hello World!


      This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



      Consider a version to a prove a point with SSL Sockets:



      import javax.net.ssl.SSLServerSocket;
      
import javax.net.ssl.SSLServerSocketFactory;
      
import javax.net.ssl.SSLSocket;
      
import javax.net.ssl.SSLSocketFactory;
      
import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.Socket;
      
import java.util.logging.Logger;
      

      
public class SSLServerClient {
      

      
    private static Logger log = Logger.getLogger("InfoLogging");
      

      
    public static void main(String args) throws IOException {
      

      
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
      
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
      

      
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
      

      
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
      
        log.info("Server started");
      

      
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
      
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
      
                serverListeningSSLSocket.getLocalPort());
      

      
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
      
        log.info("new client");
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = clientSocket.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        clientSocket.close();
      
        serverCommsSSLSocket.close();
      
        serverListeningSSLSocket.close();
      
    }
      
}


      This gives the following output:



      Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
      
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
      
writing to stream


      ie it blocks on the server socket starting.



      My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






      java sockets ssl sslsocketfactory







      share|improve this question















      Consider the following code for a non-SSL Socket server and client all on the one thread:



      import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.ServerSocket;
      
import java.net.Socket;
      

      
public class ServerClient {
      
    public static void main(String args) throws IOException {
      
        ServerSocket ss = new ServerSocket(0); // open a random free port.
      

      
        Socket c = new Socket(ss.getInetAddress(), ss.getLocalPort());
      

      
        Socket s = ss.accept();
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = c.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(s.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        c.close();
      
        ss.close();
      
    }
      
}


      This produces the following output:



      writing to stream
      
reading from stream
      
Hello World!


      This process opened a server socket - connected with a client socket. Passed data down the socket and then closed down. There was no issue passing the data.



      Consider a version to a prove a point with SSL Sockets:



      import javax.net.ssl.SSLServerSocket;
      
import javax.net.ssl.SSLServerSocketFactory;
      
import javax.net.ssl.SSLSocket;
      
import javax.net.ssl.SSLSocketFactory;
      
import java.io.DataInputStream;
      
import java.io.IOException;
      
import java.io.OutputStream;
      
import java.net.Socket;
      
import java.util.logging.Logger;
      

      
public class SSLServerClient {
      

      
    private static Logger log = Logger.getLogger("InfoLogging");
      

      
    public static void main(String args) throws IOException {
      

      
        System.setProperty("javax.net.ssl.keyStore", "/path/KeyStore.jks");
      
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
      

      
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
      

      
        SSLServerSocket serverListeningSSLSocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(4380);
      
        log.info("Server started");
      

      
        SSLSocketFactory sslSocketFactory=(SSLSocketFactory) SSLSocketFactory.getDefault();
      
        SSLSocket clientSocket =  (SSLSocket) sslSocketFactory.createSocket(serverListeningSSLSocket.getInetAddress(),
      
                serverListeningSSLSocket.getLocalPort());
      

      
        SSLSocket serverCommsSSLSocket = (SSLSocket) serverListeningSSLSocket.accept();
      
        log.info("new client");
      

      
        final byte bytes = "Hello World!".getBytes();
      
        final OutputStream out = clientSocket.getOutputStream();
      
        System.out.println("writing to stream");
      
        out.write(bytes.length);
      
        out.write(bytes);
      

      
        System.out.println("reading from stream");
      

      
        final DataInputStream in = new DataInputStream(serverCommsSSLSocket.getInputStream());
      
        int len = in.read();
      
        final byte b = new byte[len];
      
        in.readFully(b);
      
        System.out.println(new String(b));
      

      
        clientSocket.close();
      
        serverCommsSSLSocket.close();
      
        serverListeningSSLSocket.close();
      
    }
      
}


      This gives the following output:



      Nov 21, 2018 10:23:51 PM com.gamble.ssl.SSLServerClient main INFO: Server started
      
Nov 21, 2018 10:23:52 PM com.gamble.ssl.SSLServerClient main INFO: new client
      
writing to stream


      ie it blocks on the server socket starting.



      My question is: Why does an SSL Server Socket connection block in Java whereas a non SSL Server Socket does not?






      java sockets ssl sslsocketfactory




      java sockets ssl sslsocketfactory






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 hours ago

























      asked 2 days ago









      hawkeye

      14.3k1798214




      14.3k1798214
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53373183%2fwhy-does-an-ssl-server-socket-connection-block-in-java-whereas-a-non-ssl-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago















          up vote
          0
          down vote













          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer





















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago













          up vote
          0
          down vote










          up vote
          0
          down vote









          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.






          share|improve this answer












          What does "flip to plaintext?" mean?



          Here's what you are doing:




          • Creating an SSL server socket

          • Creating a normal socket connected to the SSL server socket

          • Sending some data from the client side

          • Reading some data on the server side


          Now, the SSL socket expects encrypted data transfer. But the data you are not sending is not encrypted, so it's not valid SSL and it throws an exception - as it says, "Unrecognized SSL message" because you are not sending a valid SSL message, and "plaintext connection?" is a hint about what might be wrong.



          You have to use SSL on both sides of the connection, or they can't talk to each other properly.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 13 hours ago









          immibis

          33.8k43562




          33.8k43562












          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago


















          • Thanks for this comment - it is super helpful. I've updated the question.
            – hawkeye
            2 hours ago
















          Thanks for this comment - it is super helpful. I've updated the question.
          – hawkeye
          2 hours ago




          Thanks for this comment - it is super helpful. I've updated the question.
          – hawkeye
          2 hours ago


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53373183%2fwhy-does-an-ssl-server-socket-connection-block-in-java-whereas-a-non-ssl-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 This is a simple project showing cubes on Unity, exported to android project and imported on Android studio. On maifest file it showed following warning: Expecting <uses-feature android:name="android.software.leanback" android:required="false" /> tag I have no information about it. And also on default emptyview android project does not use/mention this feature. I know it is required by TV's and such but why its not added by default? Why is this? And Should I concern about it? android unity3d
          Read more

          SQL update select statement

          Image
          0 I'm trying to update an entry in my database (postgresql). I'm having a problem with updating the query: INSERT INTO prices (price, product_id) SELECT product_price, commn_id FROM products_temp as prod WHERE NOT EXISTS (SELECT * FROM prices od WHERE prod.commn_id = od.product_id) OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) Query works fine when i delete: OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) So it seems to me that it's looping through this operation. My question is, how can I fix it? sql postgresql
          Read more

          WPF add header to Image with URL pettitions [duplicate]

          Image
          up vote 0 down vote favorite This question already has an answer here: Image source URI requiring authorization 3 answers Add header to all* HTTP requests on a machine 1 answer first of all sorry for my english. Recently I added some security in the backend of my project, and now I need to send a validation code(apiKey) inside the headers to retrieve the images. I have a problem with ALL images in my project that I had attached in my UI. For example, before I had: <Image Height="90" Source="{Binding Video.Thumbnail}"/> Now I need to change my code to create a CUSTOM petition add the apiKey in the header:
          Read more