Cloudflare免费SSL ConnectException

Question

I had put my website behind CloudFlare with it's free SSL feature.

Every thing works fine in browser. SSL lock appears properly in browser.

But if I to make HTTP GET request to same web using Java program I will get exception.

Following is small java program I wrote.

package com.mycompany.textexception;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

public class Main {
    public static void main(String [] args) throws IOException, URISyntaxException{
        URI loginUri = new URI("https://site-behind-cf.in/");

        HttpClient httpclient = new DefaultHttpClient();
        HttpGet httpget = new HttpGet( loginUri );
        HttpResponse response = httpclient.execute( httpget );
        System.out.println("Done");
    }
}

And the exception is

Exception in thread "main" java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:656)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:524)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    at com.mycompany.textexception.Main.main(Main.java:26)

Note: Same program will work fine if I point to https://www.google.co.in or https://my-other-web.com which is not behind CloudFlare and has it's own SSL issued.

Answer 1

The SSL for Free plan utilize Elliptic Curve Digital Signature Algorithm (ECDSA) certificates from Comodo or GlobalSign.

These certificates only work with modern browsers which support Server Name Indication (SNI)

You may not have the same problem if you go Cloudflare Pro

Answer 2

The SSL for Free plan utilize Elliptic Curve Digital Signature Algorithm (ECDSA) certificates from Comodo or GlobalSign.

These certificates only work with modern browsers which support Server Name Indication (SNI)

You need to add same headers browsers(support SNI) would do for you. The following test code may help you. Thx.

import java.io.IOException;

import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;

public class CloudFlareTest {

    public static void main(String[] params){
        HttpClient httpClient = HttpClients.createDefault();
        HttpGet getMethod = new HttpGet("https://your.domain.com/path/to/yourrequest");

        getMethod.addHeader(":authority", "your.domain.com");
        getMethod.addHeader(":method","GET");
        getMethod.addHeader(":path","/path/to/yourrequest");
        getMethod.addHeader(":scheme","https");

        try {
            HttpResponse httpResponse = httpClient.execute(getMethod);

            if(httpResponse.getStatusLine().getStatusCode() == 200){

                System.out.println("Done: " + httpResponse.getEntity().getContentLength());
            }
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}