Clever Geek Handbook

CloudClare Free SSL ConnectException

I hosted my site behind CloudFlare with free SSL feature.

Everything works fine in the browser. SSL blocking is displayed correctly in the browser.

But if I make an HTTP GET request to the same web interface using a Java program, I get an exception.

Below is a small java program I wrote.

package com.mycompany.textexception;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

public class Main {
    public static void main(String [] args) throws IOException, URISyntaxException{
        URI loginUri = new URI("https://site-behind-cf.in/");

        HttpClient httpclient = new DefaultHttpClient();
        HttpGet httpget = new HttpGet( loginUri );
        HttpResponse response = httpclient.execute( httpget );
        System.out.println("Done");
    }
}

And the exception is

Exception in thread "main" java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:656)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:524)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    at com.mycompany.textexception.Main.main(Main.java:26)

Note. The same program will work fine if I point to https://www.google.co.in

or https://my-other-web.com

, which is not behind CloudFlare and has its own SSL certificate.

+3


source to share


2 answers


SSL for Free uses Elliptic Curve Digital Signature Certificates (ECDSA) from Comodo or GlobalSign.

These certificates only work with modern browsers that support Server Name Indication (SNI)



You may not have the same problem if you launch Cloudflare Pro

0


source


SSL for Free uses Elliptic Curve Digital Signature Certificates (ECDSA) from Comodo or GlobalSign.

These certificates only work with modern browsers that support Server Name Indication (SNI)



You need to add the same header browsers (SNI support) that will help you. The following test code might help you. thank.

import java.io.IOException;

import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;

public class CloudFlareTest {

    public static void main(String[] params){
        HttpClient httpClient = HttpClients.createDefault();
        HttpGet getMethod = new HttpGet("https://your.domain.com/path/to/yourrequest");

        getMethod.addHeader(":authority", "your.domain.com");
        getMethod.addHeader(":method","GET");
        getMethod.addHeader(":path","/path/to/yourrequest");
        getMethod.addHeader(":scheme","https");

        try {
            HttpResponse httpResponse = httpClient.execute(getMethod);

            if(httpResponse.getStatusLine().getStatusCode() == 200){

                System.out.println("Done: " + httpResponse.getEntity().getContentLength());
            }
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
0


source






More articles:


All Articles