Cloudflare free SSL ConnectException

Question

I had put my website behind CloudFlare with it's free SSL feature.

Every thing works fine in browser. SSL lock appears properly in browser.

But if I to make HTTP GET request to same web using Java program I will get exception.

Following is small java program I wrote.

package com.mycompany.textexception;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

public class Main {
    public static void main(String [] args) throws IOException, URISyntaxException{
        URI loginUri = new URI("https://site-behind-cf.in/");

        HttpClient httpclient = new DefaultHttpClient();
        HttpGet httpget = new HttpGet( loginUri );
        HttpResponse response = httpclient.execute( httpget );
        System.out.println("Done");
    }
}

And the exception is

Exception in thread "main" java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:656)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:524)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    at com.mycompany.textexception.Main.main(Main.java:26)

Note: Same program will work fine if I point to https://www.google.co.in or https://my-other-web.com which is not behind CloudFlare and has it's own SSL issued.

score 0 · Answer 1 · answered Sep 17 '15 at 12:04

0

The SSL for Free plan utilize Elliptic Curve Digital Signature Algorithm (ECDSA) certificates from Comodo or GlobalSign.

These certificates only work with modern browsers which support Server Name Indication (SNI)

You may not have the same problem if you go Cloudflare Pro

answered Sep 17 '15 at 12:04

Faiz Mohamed Haneef

2,704
3
24
38

Neither upgrading to Cloudflare Pro nor ordering a "Dedicated" SSL certificate didn't resolve the issue for me. – TomTasche Apr 23 '18 at 16:05
my skype- gofaizmh .. any exceptions that you face during http request? – Faiz Mohamed Haneef Apr 23 '18 at 16:37
1

It turned out to be related to this: https://stackoverflow.com/questions/13670692/403-forbidden-with-java-but-not-web-browser – TomTasche Apr 25 '18 at 18:13

score 0 · Answer 2 · answered Dec 02 '15 at 16:26

The SSL for Free plan utilize Elliptic Curve Digital Signature Algorithm (ECDSA) certificates from Comodo or GlobalSign.

These certificates only work with modern browsers which support Server Name Indication (SNI)

You need to add same headers browsers(support SNI) would do for you. The following test code may help you. Thx.

import java.io.IOException;

import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;

public class CloudFlareTest {

    public static void main(String[] params){
        HttpClient httpClient = HttpClients.createDefault();
        HttpGet getMethod = new HttpGet("https://your.domain.com/path/to/yourrequest");

        getMethod.addHeader(":authority", "your.domain.com");
        getMethod.addHeader(":method","GET");
        getMethod.addHeader(":path","/path/to/yourrequest");
        getMethod.addHeader(":scheme","https");

        try {
            HttpResponse httpResponse = httpClient.execute(getMethod);

            if(httpResponse.getStatusLine().getStatusCode() == 200){

                System.out.println("Done: " + httpResponse.getEntity().getContentLength());
            }
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}

Cloudflare free SSL ConnectException

2 Answers2