[jira] [Resolved] (HTTPCLIENT-2368) IllegalStateException: "TLS already activated" with HttpAsyncClient and HTTPS Proxy

Oleg Kalnichevski (Jira) Mon, 26 May 2025 01:26:05 -0700


     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Oleg Kalnichevski resolved HTTPCLIENT-2368.
-------------------------------------------
    Resolution: Duplicate

> IllegalStateException: "TLS already activated" with HttpAsyncClient and HTTPS 
> Proxy
> -----------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2368
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2368
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (async)
>    Affects Versions: 5.4
>            Reporter: Akash
>            Priority: Major
>
> *Getting error: java.util.concurrent.ExecutionException: 
> java.lang.IllegalStateException: TLS already activated*
>  
> Has anyone encountered this issue or knows how to properly handle double TLS 
> handshake with HttpAsyncClient when using an HTTPS proxy?
> When HttpAsyncClient is configured to use a proxy, it uses the HTTP CONNECT 
> protocol. Here's the flow that leads to this error:
> 1. The client connects over TLS to the proxy
> 2. Client issues an HTTP CONNECT request to the proxy
> 3. Proxy opens a TCP connection to the target URL's host
> 4. If successful, proxy replies with 200 OK
> 5. For HTTPS targets, client attempts another TLS handshake with the target 
> host
> 6. This second TLS handshake fails with IllegalStateException because the 
> connection already has a TLS context
> Stack Trace:
> {{{*}Caused by: java.util.concurrent.ExecutionException: 
> java.lang.IllegalStateException: TLS already activated{*}
> *at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:84) 
> ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:122) 
> ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> com.amazon.mons.control.http.client.apache.ApacheHttpClient5AsyncBuffered.execute(ApacheHttpClient5AsyncBuffered.java:103)
>  ~[main/:?]*
> *... 16 more*
> *Caused by: java.lang.IllegalStateException: TLS already activated*
> *at 
> org.apache.hc.core5.reactor.InternalDataChannel.startTls(InternalDataChannel.java:253)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.nio.DefaultManagedAsyncClientConnection.startTls(DefaultManagedAsyncClientConnection.java:171)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:127)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.nio.DefaultAsyncClientConnectionOperator.upgrade(DefaultAsyncClientConnectionOperator.java:206)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager.upgrade(PoolingAsyncClientConnectionManager.java:505)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.InternalHttpAsyncExecRuntime.upgradeTls(InternalHttpAsyncExecRuntime.java:267)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.AsyncConnectExec.doProceedToNextHop(AsyncConnectExec.java:336)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.AsyncConnectExec.proceedToNextHop(AsyncConnectExec.java:195)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.AsyncConnectExec.access$000(AsyncConnectExec.java:90)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.AsyncConnectExec$4.completed(AsyncConnectExec.java:313)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.client5.http.impl.async.AsyncConnectExec$6.consumeResponse(AsyncConnectExec.java:468)
>  ~[Apache-HttpComponents-HttpClient5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.ClientHttp1StreamHandler.consumeHeader(ClientHttp1StreamHandler.java:252)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.consumeHeader(ClientHttp1StreamDuplexer.java:348)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.consumeHeader(ClientHttp1StreamDuplexer.java:80)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.AbstractHttp1StreamDuplexer.onInput(AbstractHttp1StreamDuplexer.java:301)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.AbstractHttp1IOEventHandler.inputReady(AbstractHttp1IOEventHandler.java:64)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.http.impl.nio.ClientHttp1IOEventHandler.inputReady(ClientHttp1IOEventHandler.java:41)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession.decryptData(SSLIOSession.java:618)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession.access$200(SSLIOSession.java:74) 
> ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:204)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:143)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:176)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:125)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at 
> org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:92)
>  ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44) 
> ~[Apache-HttpComponents-HttpCore5-5.0.x.jar:?]*
> *at java.lang.Thread.run(Thread.java:1583) [?:?]*
> }}
> *Code:*
>  
>  
>  
>  
> {noformat}
> HttpRoutePlanner planner = (target, context) → {
>  HttpHost httpHost = new HttpHost("https",target.getHostName(), 443);
>  HttpHost proxy = new HttpHost("https", proxynode, 443);
>  HttpRoute route = new HttpRoute(
>  httpHost,
>  null,
>  proxy,
>  true,
>  RouteInfo.TunnelType.TUNNELLED,
>  RouteInfo.LayerType.LAYERED
>  );
>  return route;
> };
> CachingHttpAsyncClients.custom()
>  //...
>  .setRoutePlanner(planner)
>  .build();
> future = httpAsyncClient.execute(
>  asyncRequestProducer,
>  SimpleResponseConsumer.create(),
>  null,
>  cacheContext,
>  null
> );{noformat}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[jira] [Resolved] (HTTPCLIENT-2368) IllegalStateException: "TLS already activated" with HttpAsyncClient and HTTPS Proxy

Reply via email to