# javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? - **ID:** `java/ssl-exception-unrecognized-ssl-message` - **Domain:** java - **Category:** network_error - **Verification:** ai_generated - **Fix Rate:** 90% ## Root Cause The JVM is trying to establish an SSL/TLS connection but the server is speaking a non-SSL protocol (typically plain HTTP) on the expected SSL port, often due to misconfigured ports or incorrect URL scheme. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | Java 8 | active | — | — | | Java 11 | active | — | — | | Java 17 | active | — | — | | Java 21 | active | — | — | ## Workarounds 1. **Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration.** (90% success) ``` Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration. ``` 2. **If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port.** (85% success) ``` If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port. ``` 3. **For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server.** (70% success) ``` For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server. ``` ## Dead Ends - **** — Disabling SSL verification does not fix the protocol mismatch; the server is not speaking SSL at all. (95% fail) - **** — Changing the SSL protocol version (e.g., TLSv1.2 to TLSv1.3) does not help because the server is not using SSL. (90% fail) - **** — Increasing connection timeout does not change the protocol; the server still responds with plain HTTP. (95% fail)