java
network_error
ai_generated
true
javax.net.ssl.SSLException:无法识别的 SSL 消息,明文连接?
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
ID: java/ssl-exception-unrecognized-ssl-message
90%修复率
85%置信度
1证据数
2023-12-05首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Java 8 | active | — | — | — |
| Java 11 | active | — | — | — |
| Java 17 | active | — | — | — |
| Java 21 | active | — | — | — |
根因分析
JVM 尝试建立 SSL/TLS 连接,但服务器在预期的 SSL 端口上使用非 SSL 协议(通常是纯 HTTP),通常由端口配置错误或 URL 方案不正确引起。
English
The JVM is trying to establish an SSL/TLS connection but the server is speaking a non-SSL protocol (typically plain HTTP) on the expected SSL port, often due to misconfigured ports or incorrect URL scheme.
官方文档
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/net/ssl/SSLException.html解决方案
-
Verify the correct URL scheme: use https:// for SSL connections and http:// for plain connections. Check the server's actual port configuration.
-
If the server supports both HTTP and HTTPS on different ports, ensure the client connects to the correct port. Use tools like curl to test: curl -v https://host:port.
-
For development or testing, if the server is misconfigured and you must use SSL, configure a reverse proxy (e.g., nginx) to terminate SSL and forward to the backend HTTP server.
无效尝试
常见但无效的做法:
-
95% 失败
Disabling SSL verification does not fix the protocol mismatch; the server is not speaking SSL at all.
-
90% 失败
Changing the SSL protocol version (e.g., TLSv1.2 to TLSv1.3) does not help because the server is not using SSL.
-
95% 失败
Increasing connection timeout does not change the protocol; the server still responds with plain HTTP.