java
network_error
ai_generated
true
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
ID: java/ssl-exception-unrecognized-ssl-message
90%Fix Rate
85%Confidence
1Evidence
2023-12-05First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Java 8 | active | — | — | — |
| Java 11 | active | — | — | — |
| Java 17 | active | — | — | — |
| Java 21 | active | — | — | — |
Root Cause
The JVM is trying to establish an SSL/TLS connection but the server is speaking a non-SSL protocol (typically plain HTTP) on the expected SSL port, often due to misconfigured ports or incorrect URL scheme.
generic中文
JVM 尝试建立 SSL/TLS 连接,但服务器在预期的 SSL 端口上使用非 SSL 协议(通常是纯 HTTP),通常由端口配置错误或 URL 方案不正确引起。
Official Documentation
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/net/ssl/SSLException.htmlWorkarounds
-
90% success Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration.
Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration.
-
85% success If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port.
If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port.
-
70% success For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server.
For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server.
中文步骤
Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration.
If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port.
For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server.
Dead Ends
Common approaches that don't work:
-
95% fail
Disabling SSL verification does not fix the protocol mismatch; the server is not speaking SSL at all.
-
90% fail
Changing the SSL protocol version (e.g., TLSv1.2 to TLSv1.3) does not help because the server is not using SSL.
-
95% fail
Increasing connection timeout does not change the protocol; the server still responds with plain HTTP.