On Fri, 2025-01-17 at 00:55 +0100, Polybios wrote: > Hi everyone, > > after upgrading my Spring project (corporate setting) to HttpClient > 5.4.1 from HttpClient 5.3, I suddenly started to receive errors when > sending requests through corporate proxies. Before, this worked > without > problems. > The error message is: "org.apache.hc.core5.http.ProtocolException: > Chunked transfer encoding not allowed for HTTP/1.0" (also see > stacktrace > below). > > After being unable to find anything meaningful on the web, I > investigated a bit further by looking at the wire protocol (also see > below). > > There I can see that, after a CONNECT request is sent to the proxy, > the > proxy responds with "HTTP/1.0 200 Connection Established". > > Looking at the diff between HttpClient 5.3 and 5.4, I get the > impression > that the protocol version of this proxy response is now interpreted > and > also set on the HTTP connection that is made after establishing the > TLS > connection through the TCP tunnel set up by the proxy. > > While I'm by far no expert on the finer details of HTTP, interpreting > the protocol version in this response strikes me as a bit odd due to > the > following reasons: > > 1. as far as I understand it, the proxy has merely the job to set up > the > tunnel after CONNECT and further content will not be interpreted by > it. > 2. CONNECT itself seems to be part of HTTP/1.1 > > Of course, the proxy should probably respond with "HTTP/1.1" instead > of > "HTTP/1.0". However, due to the rigid corporate setting I am in, it > will > be very difficult and time consuming, if at all possible to find the > appropriate team(s) and convince them to configure every proxy's > response to be "HTTP/1.1 200 Connection Established" (1.1 instead of > 1.0). > > Finally, the actual request that is sent after the TLS connection has > been established, is sent with HTTP/1.1 (not 1.0), as can be seen in > the > wire protocol below. This seems to be a bit inconsistent. > > Unfortunately, the only solution I have found so far, given time > constraints, is to use a different http client. > > What is your opinion on this issue? > Did I miss something? > Is this an intentional change with 5.4?
No, it is not. > Is it a bug? It likely is. Please raise a JIRA ticket for this issue and attach the log to it. Oleg > > If the behavior is intentional, would it maybe be possible to > introduce > a configuration flag to ignore the HTTP/1.0 protocol version in a > CONNECT-response by such proxies to regain compatibility? > > I should also mention that the error does not occur when the request > body is something with a predictable length, e.g. a string. This is > related to Spring's usage of different HttpMessageConverters and > their > effect on the content-length header. > > Thanks and kind regards, > Polybios > > > --- > > Stack trace: > > > org.apache.hc.core5.http.ProtocolException: Chunked transfer encoding > not allowed for HTTP/1.0 > at > org.apache.hc.core5.http.protocol.RequestContent.process(RequestConte > nt.java:127) > ~[httpcore5-5.3.1.jar:5.3.1] > at > org.apache.hc.core5.http.protocol.DefaultHttpProcessor.process(Defaul > tHttpProcessor.java:107) > ~[httpcore5-5.3.1.jar:5.3.1] > at > org.apache.hc.client5.http.impl.classic.MainClientExec.execute(MainCl > ientExec.java:119) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectEx > ec.java:199) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(Protocol > Exec.java:192) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execut > e(ContentCompressionExec.java:150) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute( > HttpRequestRetryExec.java:113) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.RedirectExec.execute(Redirect > Exec.java:110) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(Exec > ChainElement.java:51) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute( > InternalHttpClient.java:174) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(C > loseableHttpClient.java:87) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(C > loseableHttpClient.java:55) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient. > java:183) > ~[httpclient5-5.4.1.jar:5.4.1] > at > org.springframework.http.client.HttpComponentsClientHttpRequest.execu > teInternal(HttpComponentsClientHttpRequest.java:99) > ~[spring-web-6.2.1.jar:6.2.1] > > > --- > > Wire protocol (I have replaced proxy and target host names) > > h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 > http://PROXY_HOST:8080 connected [...] > h.i.i.PoolingHttpClientConnectionManager ep-0000000001 executing > exchange ex-0000000001 over http-outgoing-0 > [...] > org.apache.hc.client5.http.wire http-outgoing-0 >> "CONNECT > TARGET_HOST:443 HTTP/1.1[\r][\n]" > org.apache.hc.client5.http.wire http-outgoing-0 >> "Host > TARGET_HOST:443[\r][\n]" > org.apache.hc.client5.http.wire http-outgoing-0 >> "User-Agent: > ApacheHttpClient/5.4.1 (Java/17.[...])[\r][\n]" > org.apache.hc.client5.http.wire http-outgoing-0 >> "[\r][\n]" > org.apache.hc.client5.http.wire http-outgoing-0 << "HTTP/1.0 200 > Connection Established[\r][\n]" > org.apache.hc.client5.http.wire http-outgoing-0 << "[\r][\n]" > [...] > h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 upgrading > to > TLS TARGET_HOST:443 > [...] > o.a.h.c.ssl.AbstractClientTlsStrategy Secure session established > o.a.h.c.ssl.AbstractClientTlsStrategy negotiated protocol: TLSv1.3 > [...] > h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 upgraded to > TLS TARGET_HOST:443 > o.a.h.c.h.impl.classic.MainClientExec ex-0000000001 executing POST > /path > HTTP/1.1 > h.i.i.DefaultManagedHttpClientConnection http-outgoing-0 close > connection IMMEDIATE > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
