How do a send an HTTPS request through a proxy in Java?

by

HTTPS proxy doesn’t make sense because you can’t terminate your HTTP connection at the proxy for security reasons. With your trust policy, it might work if the proxy server has a HTTPS port. Your error is caused by connecting to HTTP proxy port with HTTPS.

You can connect through a proxy using SSL tunneling (many people call that proxy) using proxy CONNECT command. However, Java doesn’t support newer version of proxy tunneling. In that case, you need to handle the tunneling yourself. You can find sample code here,

http://www.javaworld.com/javaworld/javatips/jw-javatip111.html

EDIT: If you want defeat all the security measures in JSSE, you still need your own TrustManager. Something like this,

 public SSLTunnelSocketFactory(String proxyhost, String proxyport){
      tunnelHost = proxyhost;
      tunnelPort = Integer.parseInt(proxyport);
      dfactory = (SSLSocketFactory)sslContext.getSocketFactory();
 }

 ...

 connection.setSSLSocketFactory( new SSLTunnelSocketFactory( proxyHost, proxyPort ) );
 connection.setDefaultHostnameVerifier( new HostnameVerifier()
 {
    public boolean verify( String arg0, SSLSession arg1 )
    {
        return true;
    }
 }  );

EDIT 2: I just tried my program I wrote a few years ago using SSLTunnelSocketFactory and it doesn’t work either. Apparently, Sun introduced a new bug sometime in Java 5. See this bug report,

http://bugs.sun.com/view_bug.do?bug_id=6614957

The good news is that the SSL tunneling bug is fixed so you can just use the default factory. I just tried with a proxy and everything works as expected. See my code,

public class SSLContextTest {

    public static void main(String[] args) {

        System.setProperty("https.proxyHost", "proxy.xxx.com");
        System.setProperty("https.proxyPort", "8888");

        try {

            SSLContext sslContext = SSLContext.getInstance("SSL");

            // set up a TrustManager that trusts everything
            sslContext.init(null, new TrustManager[] { new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    System.out.println("getAcceptedIssuers =============");
                    return null;
                }

                public void checkClientTrusted(X509Certificate[] certs,
                        String authType) {
                    System.out.println("checkClientTrusted =============");
                }

                public void checkServerTrusted(X509Certificate[] certs,
                        String authType) {
                    System.out.println("checkServerTrusted =============");
                }
            } }, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(
                    sslContext.getSocketFactory());

            HttpsURLConnection
                    .setDefaultHostnameVerifier(new HostnameVerifier() {
                        public boolean verify(String arg0, SSLSession arg1) {
                            System.out.println("hostnameVerifier =============");
                            return true;
                        }
                    });

            URL url = new URL("https://www.verisign.net");
            URLConnection conn = url.openConnection();
            BufferedReader reader = 
                new BufferedReader(new InputStreamReader(conn.getInputStream()));
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(line);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } 
    }
}

This is what I get when I run the program,

checkServerTrusted =============
hostnameVerifier =============
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
......

As you can see, both SSLContext and hostnameVerifier are getting called. HostnameVerifier is only involved when the hostname doesn’t match the cert. I used “www.verisign.net” to trigger this.

More Related Contents:

  1. Received fatal alert: handshake_failure through SSLHandshakeException
  2. How do I set the proxy to be used by the JVM
  3. How to solve javax.net.ssl.SSLHandshakeException Error?
  4. Java client certificates over HTTPS/SSL
  5. How to convert a Hibernate proxy to a real entity object
  6. Problems using Maven and SSL behind proxy
  7. How do I make HttpURLConnection use a proxy?
  8. Java SSLHandshakeException “no cipher suites in common”
  9. Gradle proxy configuration
  10. Authenticated HTTP proxy with Java
  11. Setting JVM/JRE to use Windows Proxy Automatically
  12. Problems connecting via HTTPS/SSL through own Java client
  13. SSLHandshakeException while connecting to a https site
  14. spring scoped proxy bean
  15. Apache HttpClient 4.1 – Proxy Authentication
  16. Does Java’s ProxySelector not work with automatic proxy configuration scripts?
  17. Using RestTemplate, how to send the request to a proxy first so I can use my junits with JMeter?
  18. How do I get the underlying type of a proxy object in java?
  19. Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https
  20. How to make Java 6, which fails SSL connection with “SSL peer shut down incorrectly”, succeed like Java 7?
  21. How to use an HTTP proxy in java
  22. How to set proxy authentication in PhantomJS using selenium?
  23. How to call a user defined Matlab from Java using matlabcontrol.jar
  24. How to change Firefox web driver proxy settings at runtime?
  25. How can I use an HTTP proxy for a JAX-WS request without setting a system-wide property?
  26. printing Prime numbers in java
  27. What is the meaning of “this” in Java?
  28. Properly removing an Integer from a List
  29. The specified DSN contains an architecture mismatch between the Driver and Application. JAVA
  30. A tool to add and complete PHP source code documentation [closed]

Leave a Comment