Description
The fix for NEXUS-6838 introduced a hard dependency on sun.security.ssl.SSLSocketImpl. JREs with alternative JSSE implementations like the IBM JRE do not ship this class.
This dependency leads to a NoClassDefFoundError on attempts to configure a proxy repository with an HTTPS URL, and thus renders the proxy repository feature unusable for https URLs on non-Oracle JVMs.
Symptoms
- Browsing remote for proxy repositories with https remote does not work
- Logfile shows
    SEVERE: Unhandled exception or error intercepted
    java.lang.NoClassDefFoundError: sun/security/ssl/SSLSocketImpl
        at org.sonatype.nexus.apachehttpclient.NexusSSLConnectionSocketFactory.connectSocket(NexusSSLConnectionSocketFactory.java:114)
        at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
Steps to reproduce:
- download and install IBM JRE
- start nexus 2.x with IBM JRE
- configure a proxy repository with a https remote
- navigate to "browse remote" and try to browse the content
Suggested fix
Use the platform-independent way to set the host for SNI as documented by Oracle: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExamples
Quick fix
Remove dependency on Oracle JRE by using reflection to access SSLSocketImpl.
The quick fix makes https usable for non-Oracle JREs, but removes SNI support for these JREs.
---
The quick fix was implemented in this issue - SNI still does not work for any JVM other than Oracle JVMs. See NEXUS-6844.
---
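The platform-independent approach named under "Suggested fix", sketched as an added example (not Nexus code and not the patch from this issue): SNI is set through `javax.net.ssl.SSLParameters`, so no `sun.*` class is referenced and the same code loads on any Java 8+ JSSE provider. The class name, the `configureSni` helper and the sample hosts are hypothetical, and the endpoint-identification line is an extra hardening step that the issue does not ask for.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.util.Collections;
import java.util.regex.Pattern;

public class PortableSni {
    // RFC 6066 forbids IP literals in the SNI extension, so they are skipped.
    private static final Pattern IPV4 = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3}");

    static boolean isIpLiteral(String host) {
        return host.indexOf(':') >= 0 || IPV4.matcher(host).matches();
    }

    /** Hypothetical helper: sets SNI using only javax.net.ssl (Java 8+), no sun.* classes. */
    static void configureSni(SSLSocket socket, String host) {
        SSLParameters params = socket.getSSLParameters();
        if (!isIpLiteral(host)) {
            params.setServerNames(
                Collections.<SNIServerName>singletonList(new SNIHostName(host)));
        }
        // Have JSSE verify the certificate against the host during the handshake.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Constructed sample hosts; the sockets stay unconnected, so this runs offline.
        for (String host : new String[] {"repo.example.org", "192.0.2.10"}) {
            try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
                configureSni(socket, host);
                System.out.println(host + " -> SNI " + socket.getSSLParameters().getServerNames());
                // A real client would now connect() the socket and call startHandshake().
            }
        }
    }
}
```

In a connection socket factory the same helper would be applied to the `SSLSocket` after it is layered over the connected plain socket and before the handshake starts.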
Issue Links
- duplicates: NEXUS-6844 make a durable Server Name Indication SNI fix that does not rely on specific sun classes (Closed)
- is caused by: NEXUS-6838 HTTP client TLS SNI Server Name Indication support broken (Closed)