Try to run old app with TLSv1.0 only against TLSv1.1+ only server


I’m running a very old JDK5 based client which is using HttpsUrlConnection to connect to a 3rd party service using TLSv1 (which is the only supported TLS version in JDK5). Recently the 3rd party service upgraded to TLSv1.1+ only. Since I can’t ugrade the client to JDK7 or newer (libraries aren’t compatible), my hope is, that mitmproxy can help out here.

In my dreams, I simply set mitmproxy as a https proxy using

-Dhttps.proxyHost=mymitmproxyhost -Dhttps.proxyPort=8443

in the JVM. Then the client connects via https to its origin 3rd party service like The TLSv1 connection then terminates @ mitmproxy and invokes the 3rd party service with whatever TLS version is required there. Then returning the result via mitmproxy and the TLSv1 connection back to the client. Is this possible in general? Of course I have to add the mitmproxy certs to the java keystore in the first place.

I tried it using mitmproxy -p 8443. But that ends up with: Unrecognized SSL message, plaintext connection?

Taking a look at the log reveals:

0000: 48 54 54 50 2F HTTP/
main, handling exception: Unrecognized SSL message, plaintext connection?
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 0A …

It seems that “HTTP/” is returned without a version?! Also If I try the same e.g. via curl/wget I get

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

also s similar error (my guess is “unknown protocol” means it can’t recognized “HTTP/”?).
Maybe I’m missing something here?

Any help is appreciated!

I remember we talked on Slack about this - is this fixed?