Https Proxy with Restlet Client - restlet

I am trying to get an https page over a proxy in restlet 2.1.7 with HTTPClient 4.1 and it is not authorizing with the proxy. If I connect to a page through http the authorization works. Connecting with httpurlconnect through the proxy to the same https site also works.
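import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.restlet.Client;
import org.restlet.Context;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Parameter;
import org.restlet.data.Protocol;
import org.restlet.ext.ssl.SslContextFactory; // Restlet 2.1.x SSL extension
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
import org.restlet.util.Series;

public class TestProxy {
    // Placeholders: the proxy address and credentials are redacted in the post.
    // The port is the one shown in the log below.
    private static final String PROXYIP = "PROXYIP";
    private static final String PROXYPORT = "3128";
    private static final String USER = "USER";
    private static final String PASS = "PASS";

    public static void main(String[] args) {
        Series<Parameter> parameters = null;
        ClientResource clientResource = null;
        Representation representation = null;
        try {
            Client client = new Client(new Context(), Protocol.HTTPS);
            parameters = client.getContext().getParameters();
            // proxy with credentials works as expected with http sites
            parameters.add("proxyHost", PROXYIP);
            parameters.add("proxyPort", PROXYPORT);
            // create trust manager that trusts everything to eliminate
            // certificates as an issue
            TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    // This will never throw an exception.
                    // This doesn't check anything at all: it's insecure.
                }
            };
            final SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { tm }, null);
            Context context = client.getContext();
            context.getAttributes().put("sslContextFactory",
                    new SslContextFactory() {
                        public void init(Series<Parameter> parameters) {
                        }
                        public SSLContext createSslContext() {
                            return sslContext;
                        }
                    });
            clientResource = new ClientResource("https://www.google.com");
            clientResource.setProxyChallengeResponse(
                    ChallengeScheme.HTTP_BASIC, USER, PASS);
            clientResource.setNext(client);
            representation = clientResource.get();
            System.out.println(representation.getText());
            clientResource.get();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}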
It then throws a 407 proxy not authorized exception
Starting the Apache HTTP client
ThreadSafeClientConnManager.java:221) Get connection: HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com], timeout = 0
13 Jul 2015 10:18:11,747 DEBUG (ConnPoolByRoute.java:350) [HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com]] total kept alive: 0, total issued: 0, total allocated: 0 out of 20
13 Jul 2015 10:18:11,748 DEBUG (ConnPoolByRoute.java:523) No free connections [HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com]][null]
13 Jul 2015 10:18:11,749 DEBUG (ConnPoolByRoute.java:369) Available capacity: 10 out of 10 [HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com]][null]
13 Jul 2015 10:18:11,749 DEBUG (ConnPoolByRoute.java:549) Creating new connection [HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com]]
13 Jul 2015 10:18:11,769 DEBUG (DefaultClientConnectionOperator.java:145) Connecting to /PROXYIP:3128
13 Jul 2015 10:18:16,426 DEBUG (RequestAuthCache.java:75) Auth cache not set in the context
13 Jul 2015 10:18:16,426 DEBUG (DefaultClientConnection.java:264) Sending request: CONNECT www.google.com:443 HTTP/1.1
13 Jul 2015 10:18:16,428 DEBUG (Wire.java:63) >> "CONNECT www.google.com:443 HTTP/1.1[\r][\n]"
13 Jul 2015 10:18:16,430 DEBUG (Wire.java:63) >> "Host: www.google.com[\r][\n]"
13 Jul 2015 10:18:16,430 DEBUG (Wire.java:63) >> "Proxy-Connection: Keep-Alive[\r][\n]"
13 Jul 2015 10:18:16,431 DEBUG (Wire.java:63) >> "[\r][\n]"
13 Jul 2015 10:18:16,431 DEBUG (DefaultClientConnection.java:268) >> CONNECT www.google.com:443 HTTP/1.1
13 Jul 2015 10:18:16,432 DEBUG (DefaultClientConnection.java:271) >> Host: www.google.com
13 Jul 2015 10:18:16,432 DEBUG (DefaultClientConnection.java:271) >> Proxy-Connection: Keep-Alive
13 Jul 2015 10:18:16,455 DEBUG (Wire.java:63) << "HTTP/1.0 407 Proxy Authentication Required[\r][\n]"
13 Jul 2015 10:18:16,458 DEBUG (Wire.java:63) << "Server: squid/2.6.STABLE21[\r][\n]"
13 Jul 2015 10:18:16,459 DEBUG (Wire.java:63) << "Date: Mon, 13 Jul 2015 09:29:46 GMT[\r][\n]"
13 Jul 2015 10:18:16,459 DEBUG (Wire.java:63) << "Content-Type: text/html[\r][\n]"
13 Jul 2015 10:18:16,459 DEBUG (Wire.java:63) << "Content-Length: 1298[\r][\n]"
13 Jul 2015 10:18:16,460 DEBUG (Wire.java:63) << "Expires: Mon, 13 Jul 2015 09:29:46 GMT[\r][\n]"
13 Jul 2015 10:18:16,460 DEBUG (Wire.java:63) << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[\r][\n]"
13 Jul 2015 10:18:16,461 DEBUG (Wire.java:63) << "Proxy-Authenticate: Basic realm="Squid proxy-caching web server"[\r][\n]"
13 Jul 2015 10:18:16,461 DEBUG (Wire.java:63) << "X-Cache: MISS from hostname.domain.tld[\r][\n]"
13 Jul 2015 10:18:16,461 DEBUG (Wire.java:63) << "X-Cache-Lookup: NONE from hostname.domain.tld:3128[\r][\n]"
13 Jul 2015 10:18:16,462 DEBUG (Wire.java:63) << "Via: 1.0 hostname.domain.tld:3128 (squid/2.6.STABLE21)[\r][\n]"
13 Jul 2015 10:18:16,462 DEBUG (Wire.java:63) << "Proxy-Connection: close[\r][\n]"
13 Jul 2015 10:18:16,462 DEBUG (Wire.java:63) << "[\r][\n]"
13 Jul 2015 10:18:16,464 DEBUG (DefaultClientConnection.java:249) Receiving response: HTTP/1.0 407 Proxy Authentication Required
13 Jul 2015 10:18:16,464 DEBUG (DefaultClientConnection.java:252) << HTTP/1.0 407 Proxy Authentication Required
13 Jul 2015 10:18:16,464 DEBUG (DefaultClientConnection.java:255) << Server: squid/2.6.STABLE21
13 Jul 2015 10:18:16,465 DEBUG (DefaultClientConnection.java:255) << Date: Mon, 13 Jul 2015 09:29:46 GMT
13 Jul 2015 10:18:16,465 DEBUG (DefaultClientConnection.java:255) << Content-Type: text/html
13 Jul 2015 10:18:16,465 DEBUG (DefaultClientConnection.java:255) << Content-Length: 1298
13 Jul 2015 10:18:16,466 DEBUG (DefaultClientConnection.java:255) << Expires: Mon, 13 Jul 2015 09:29:46 GMT
13 Jul 2015 10:18:16,466 DEBUG (DefaultClientConnection.java:255) << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
13 Jul 2015 10:18:16,466 DEBUG (DefaultClientConnection.java:255) << Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
13 Jul 2015 10:18:16,467 DEBUG (DefaultClientConnection.java:255) << X-Cache: MISS from hostname.domain.tld
13 Jul 2015 10:18:16,467 DEBUG (DefaultClientConnection.java:255) << X-Cache-Lookup: NONE from hostname.domain.tld:3128
13 Jul 2015 10:18:16,467 DEBUG (DefaultClientConnection.java:255) << Via: 1.0 hostname.domain.tld:3128 (squid/2.6.STABLE21)
13 Jul 2015 10:18:16,468 DEBUG (DefaultClientConnection.java:255) << Proxy-Connection: close
13 Jul 2015 10:18:16,470 DEBUG (ResponseProcessCookies.java:78) Cookie spec not specified in HTTP context
13 Jul 2015 10:18:16,473 DEBUG (Wire.java:63) << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[\n]"
13 Jul 2015 10:18:16,474 DEBUG (Wire.java:63) << "<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">[\n]"
13 Jul 2015 10:18:16,474 DEBUG (Wire.java:63) << "<TITLE>ERROR: Cache Access Denied</TITLE>[\n]"
13 Jul 2015 10:18:16,475 DEBUG (Wire.java:63) << "<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>[\n]"
13 Jul 2015 10:18:16,475 DEBUG (Wire.java:63) << "</HEAD>[\n]"
13 Jul 2015 10:18:16,476 DEBUG (Wire.java:63) << "<BODY>[\n]"
13 Jul 2015 10:18:16,476 DEBUG (Wire.java:63) << "<H1>ERROR</H1>[\n]"
13 Jul 2015 10:18:16,477 DEBUG (Wire.java:63) << "<H2>Cache Access Denied</H2>[\n]"
13 Jul 2015 10:18:16,477 DEBUG (Wire.java:63) << "<HR noshade size="1px">[\n]"
13 Jul 2015 10:18:16,478 DEBUG (Wire.java:63) << "<P>[\n]"
13 Jul 2015 10:18:16,478 DEBUG (Wire.java:63) << "While trying to retrieve the URL:[\n]"
13 Jul 2015 10:18:16,479 DEBUG (Wire.java:63) << "www.google.com:443[\n]"
13 Jul 2015 10:18:16,479 DEBUG (Wire.java:63) << "<P>[\n]"
13 Jul 2015 10:18:16,480 DEBUG (Wire.java:63) << "The following error was encountered:[\n]"
13 Jul 2015 10:18:16,480 DEBUG (Wire.java:63) << "<UL>[\n]"
13 Jul 2015 10:18:16,480 DEBUG (Wire.java:63) << "<LI>[\n]"
13 Jul 2015 10:18:16,481 DEBUG (Wire.java:63) << "<STRONG>[\n]"
13 Jul 2015 10:18:16,481 DEBUG (Wire.java:63) << "Cache Access Denied.[\n]"
13 Jul 2015 10:18:16,482 DEBUG (Wire.java:63) << "</STRONG>[\n]"
13 Jul 2015 10:18:16,482 DEBUG (Wire.java:63) << "</UL>[\n]"
13 Jul 2015 10:18:16,483 DEBUG (Wire.java:63) << "</P>[\n]"
13 Jul 2015 10:18:16,483 DEBUG (Wire.java:63) << "[\n]"
13 Jul 2015 10:18:16,483 DEBUG (Wire.java:63) << "<P>Sorry, you are not currently allowed to request:[\n]"
13 Jul 2015 10:18:16,484 DEBUG (Wire.java:63) << "<PRE> www.google.com:443</PRE>[\n]"
13 Jul 2015 10:18:16,484 DEBUG (Wire.java:63) << "from this cache until you have authenticated yourself.[\n]"
13 Jul 2015 10:18:16,485 DEBUG (Wire.java:63) << "</P>[\n]"
13 Jul 2015 10:18:16,485 DEBUG (Wire.java:63) << "[\n]"
13 Jul 2015 10:18:16,486 DEBUG (Wire.java:63) << "<P>[\n]"
13 Jul 2015 10:18:16,486 DEBUG (Wire.java:63) << "You need to use Netscape version 2.0 or greater, or Microsoft Internet[\n]"
13 Jul 2015 10:18:16,487 DEBUG (Wire.java:63) << "Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please[\n]"
13 Jul 2015 10:18:16,487 DEBUG (Wire.java:63) << "contact the cache administrator if you have[\n]"
13 Jul 2015 10:18:16,487 DEBUG (Wire.java:63) << "difficulties authenticating yourself or [\n]"
13 Jul 2015 10:18:16,488 DEBUG (Wire.java:63) << "change your default password.[\n]"
13 Jul 2015 10:18:16,488 DEBUG (Wire.java:63) << "</P>[\n]"
13 Jul 2015 10:18:16,488 DEBUG (Wire.java:63) << "[\n]"
13 Jul 2015 10:18:16,489 DEBUG (Wire.java:63) << "<BR clear="all">[\n]"
13 Jul 2015 10:18:16,489 DEBUG (Wire.java:63) << "<HR noshade size="1px">[\n]"
13 Jul 2015 10:18:16,489 DEBUG (Wire.java:63) << "<ADDRESS>[\n]"
13 Jul 2015 10:18:16,490 DEBUG (Wire.java:63) << "Generated Mon, 13 Jul 2015 09:29:46 GMT by hostname.domain.tld (squid/2.6.STABLE21)[\n]"
13 Jul 2015 10:18:16,490 DEBUG (Wire.java:63) << "</ADDRESS>[\n]"
13 Jul 2015 10:18:16,490 DEBUG (Wire.java:63) << "</BODY></HTML>[\n]"
13 Jul 2015 10:18:16,491 DEBUG (DefaultClientConnection.java:165) Connection closed
13 Jul 2015 10:18:16,491 DEBUG (DefaultRequestDirector.java:418) CONNECT refused by proxy: HTTP/1.0 407 Proxy Authentication Required
13 Jul 2015 10:18:16,492 DEBUG (ThreadSafeClientConnManager.java:272) Released connection is not reusable.
13 Jul 2015 10:18:16,492 DEBUG (ConnPoolByRoute.java:434) Releasing connection [HttpRoute[{tls}->http://PROXYIP:3128->https://www.google.com]][null]
13 Jul 2015 10:18:16,493 DEBUG (ConnPoolByRoute.java:679) Notifying no-one, there are no waiting threads
Proxy Authentication Required (407) - Proxy Authentication Required
at org.restlet.resource.ClientResource.doError(ClientResource.java:612)
at org.restlet.resource.ClientResource.handleInbound(ClientResource.java:1202)
at org.restlet.resource.ClientResource.handle(ClientResource.java:1069)
at org.restlet.resource.ClientResource.handle(ClientResource.java:1044)
at org.restlet.resource.ClientResource.handle(ClientResource.java:950)
at org.restlet.resource.ClientResource.get(ClientResource.java:658)
at TestProxy.main(TestProxy.java:68)
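An added example, not part of the original post: a Python script that reads HttpClient wire-log lines like those above, rebuilds the outbound CONNECT request and the proxy's reply, and reports whether a Proxy-Authorization header was sent and which scheme the proxy asked for. The sample lines are a subset copied from the log in the question; the function names are hypothetical.

```python
import re

# Wire-log lines copied from the debug output in the question (a subset).
SAMPLE_LOG = r'''
13 Jul 2015 10:18:16,428 DEBUG (Wire.java:63) >> "CONNECT www.google.com:443 HTTP/1.1[\r][\n]"
13 Jul 2015 10:18:16,430 DEBUG (Wire.java:63) >> "Host: www.google.com[\r][\n]"
13 Jul 2015 10:18:16,430 DEBUG (Wire.java:63) >> "Proxy-Connection: Keep-Alive[\r][\n]"
13 Jul 2015 10:18:16,431 DEBUG (Wire.java:63) >> "[\r][\n]"
13 Jul 2015 10:18:16,431 DEBUG (DefaultClientConnection.java:268) >> CONNECT www.google.com:443 HTTP/1.1
13 Jul 2015 10:18:16,455 DEBUG (Wire.java:63) << "HTTP/1.0 407 Proxy Authentication Required[\r][\n]"
13 Jul 2015 10:18:16,461 DEBUG (Wire.java:63) << "Proxy-Authenticate: Basic realm="Squid proxy-caching web server"[\r][\n]"
13 Jul 2015 10:18:16,462 DEBUG (Wire.java:63) << "Proxy-Connection: close[\r][\n]"
13 Jul 2015 10:18:16,462 DEBUG (Wire.java:63) << "[\r][\n]"
13 Jul 2015 10:18:16,474 DEBUG (Wire.java:63) << "<TITLE>ERROR: Cache Access Denied</TITLE>[\n]"
'''

# Only the raw wire lines are parsed; ">>" is client-to-proxy, "<<" is the reply.
WIRE = re.compile(r'\(Wire\.java:\d+\) (>>|<<) "(.*)"$')


def parse_wire(log_text):
    """Return (request_head, response_head) of the first exchange in the log."""
    heads = {">>": [], "<<": []}
    head_done = {">>": False, "<<": False}
    for line in log_text.splitlines():
        m = WIRE.search(line.strip())
        if not m:
            continue  # not a wire line (pool, header echo, stack trace, ...)
        direction, payload = m.groups()
        text = payload.replace(r"[\r]", "").replace(r"[\n]", "")
        if head_done[direction]:
            continue  # body bytes after the blank line
        if text == "":
            head_done[direction] = True  # blank line ends the message head
            continue
        heads[direction].append(text)
    return heads[">>"], heads["<<"]


def headers_of(head):
    """Header fields of a message head as a dict with lower-cased names."""
    fields = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return fields


def diagnose(log_text):
    """Summarise the first exchange: what was asked, and was it authenticated?"""
    request, response = parse_wire(log_text)
    if not request or not response:
        return None
    challenge = headers_of(response).get("proxy-authenticate", "")
    return {
        "method": request[0].split()[0],
        "target": request[0].split()[1],
        "status": int(response[0].split()[1]),
        "credentials_sent": "proxy-authorization" in headers_of(request),
        "challenge_scheme": challenge.split()[0] if challenge else None,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log in the question it reports a CONNECT to www.google.com:443 answered with 407, no credentials sent, and a Basic challenge from the proxy.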

Related

Scrapy+Splash returning wrong headers

When using Splash with Scrapy the headers are returned from the Splash server instead of the website Splash renders.
response.headers returns:
{b'Server': [b'TwistedWeb/19.7.0'], b'Date': [b'Sun, 11 Jul 2021 07:31:32 GMT'], b'Content-Type': [b'text/html; charset=utf-8']}
And I'm trying to get the headers of the actual website:
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html
Date: Sun, 11 Jul 2021 07:05:49 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
X-Cache: HIT
How can I get the headers of the website instead of the Splash server?
I got it to work with this:
splash_lua_script = """
function main(splash, args)
    assert(splash:go(args.url))
    assert(splash:wait(0.5))
    local entries = splash:history()
    local last_response = entries[#entries].response
    return {
        html = splash:html(),
        headers = last_response.headers
    }
end
"""
And then refer it to response.headers with Scrapy.

fail2ban: apache-auth isn't banning failed login attempts

Trying to implement fail2ban on a Linux Mint 17.1 and can't seem to get it to ban me after multiple login attempts against apache-auth.
I followed this guide to get started.
I think it's a problem with the apache-auth regex but can't get it right.
jail.local
[apache]
enabled = true
port = 80,443
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
##ignoreip = 192.168.3.70
##To block the remote host that is trying to request suspicious URLs, use the below jail.
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.3.70
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail.
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.3.70
##To block the remote host that is trying to request malicious bot, use below jail.
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.3.70
##To stop DOS attack from remote host.
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 200
##ignoreip = 192.168.3.70
action = iptables[name=HTTP, port=http, protocol=tcp]
apache-auth.conf
[INCLUDES]
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for "\S*": Password Mismatch(, referer: \S+)?$
            ^%(_apache_error_client)s (AH01618: )?user .*? not found(: )?\S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH\d+: )?Authorization of user \S+ to access \S* failed, reason: .*$
            ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*?: password mismatch: \S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*?' in realm `.+' (not found|denied by provider): \S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01631: )?user .*?: authorization failure for "\S*":(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*?' but expected `.+'(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01793: )?invalid qop `.*?' received: \S*(, referer: \S+)?\s*$
            ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .*? received - user attempted time travel(, referer: \S+)?\s*$
apache-common.conf
_apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+:\S+\d+\])? \[client <HOST>(:\d{1,5})?\]
/var/log/apache2/error.log
[Thu Aug 02 23:03:42.143209 2018] [auth_basic:error] [pid 8025] [client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:43.216097 2018] [auth_basic:error] [pid 8025] [client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:44.124570 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:45.104747 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:46.001161 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:46.871802 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
[Thu Aug 02 23:03:47.843740 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php
As I said I think the problem is in the regex, since the http-get-dos jail worked fine. The regex for apache-common.conf doesn't look right since my log files seem to follow a different standard, BUT I'm not sure if that's true or how to properly format the regex.
Any help is appreciated.
Found my problem
I had to change the line in apache-common.conf to the following:
_apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+\])? \[client <HOST>(:\d{1,5})?\]
The difference being in the PID section. I used Regex101 to work the expression until it matched.
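An added example, not part of the original post: the AH01618 failregex line and both `_apache_error_client` definitions from this thread, expanded the way the filter file combines them and run against the first log line from the question. It assumes matching against the raw log line and a simplified stand-in for fail2ban's `<HOST>` group; the function and constant names are hypothetical.

```python
import re

# First log line from the question, copied verbatim.
LINE_FROM_POST = ("[Thu Aug 02 23:03:42.143209 2018] [auth_basic:error] "
                  "[pid 8025] [client 192.168.3.60:54788] "
                  "AH01618: user aaa not found: /SEC/test.php")

# _apache_error_client split into pieces so a partial match can be located.
# Joined, STOCK_PIECES is the definition in the question and FIXED_PIECES
# is the definition from the answer.
HEAD = [r"\[[^]]*\]", r" \[(error|\S+:\S+)\]"]
TAIL = [r" \[client <HOST>(:\d{1,5})?\]"]
STOCK_PIECES = HEAD + [r"( \[pid \d+:\S+\d+\])?"] + TAIL
FIXED_PIECES = HEAD + [r"( \[pid \d+\])?"] + TAIL

# The "user ... not found" line of failregex in apache-auth.conf.
FAILREGEX = (r"^%(_apache_error_client)s (AH01618: )?user .*? not found"
             r"(: )?\S*(, referer: \S+)?\s*$")

# Assumption: simplified stand-in for what fail2ban substitutes for <HOST>.
HOST_GROUP = r"(?P<host>[\w.\-]+)"


def expand(pattern):
    """Replace the <HOST> tag with a named capture group."""
    return pattern.replace("<HOST>", HOST_GROUP)


def banned_host(pieces, line):
    """Host captured by the failregex built on this prefix, or None."""
    regex = FAILREGEX % {"_apache_error_client": "".join(pieces)}
    m = re.search(expand(regex), line)
    return m.group("host") if m else None


def unmatched_rest(pieces, line):
    """Match the prefix piece by piece; return the text left where it stops.

    Useful when a long failregex silently matches nothing: the remainder
    starts at the part of the log line the prefix could not consume.
    """
    end = 0
    for i in range(1, len(pieces) + 1):
        m = re.match(expand("".join(pieces[:i])), line)
        if not m:
            break
        end = m.end()
    return line[end:]


if __name__ == "__main__":
    for name, pieces in (("stock", STOCK_PIECES), ("fixed", FIXED_PIECES)):
        print(name, "host:", banned_host(pieces, LINE_FROM_POST))
        print(name, "rest:", repr(unmatched_rest(pieces, LINE_FROM_POST)))
```

With the definition from the question the prefix stops before ` [pid 8025]` and no host is captured; with the definition from the answer it consumes the prefix and captures 192.168.3.60. The `fail2ban-regex` tool shipped with fail2ban performs the same check with the real filter file against a real log.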

Testing with gmail account

I try to test schema integration with rails application. I used my personal Gmail account to configure SMTP :
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  address: 'smtp.gmail.com',
  port: 587,
  domain: 'gmail.com',
  user_name: 'XXXX@gmail.com',
  password: 'XXXX',
  authentication: 'plain',
  enable_starttls_auto: true
}
I test to send it to my own account. But it seems that doesn't work.
I test with example code from :
PS : The mail pass validation
Thank you
EDIT : Header of my mail
Return-Path: <XXX@gmail.com>
Received: from gmail.com (84-74-24-22.dclient.hispeed.ch. [84.74.24.22])
        by mx.google.com with ESMTPSA id m8sm9364668eeg.11.2014.04.23.13.34.35
        for <XXX@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 23 Apr 2014 13:34:35 -0700 (PDT)
Date: Wed, 23 Apr 2014 22:34:34 +0200
From: XXX@gmail.com
To: XXX@gmail.com
Message-ID: <535823da92e7c_3d223ffc2442dbe093598@WS-39.local.mail>
Subject: =?UTF-8?Q?Merci_d'avoir_command=C3=A9_!?=
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--==_mimepart_535823da916a1_3d223ffc2442dbe0934a9";
        charset=UTF-8
Content-Transfer-Encoding: 7bit

Programmatically configure WCF client binding to access SSL + Soap 1.1 + Basic Auth

I'm trying to write a C# WCF client (generated by svcutil from wsdl) to access a CXF (java) service implementing the same wsdl.
The service is working fine but I'm having trouble connecting to it on my C# client because the CXF is configured with SSL + Soap 1.1 + Basic Auth.
So far I've tried the following:
Why would Basic Auth not work with my WCF client to Java SOAP Web Service?
// Binding: transport security (HTTPS) with HTTP Basic client credentials
var binding = new BasicHttpBinding()
{
    Security =
    {
        Mode = BasicHttpSecurityMode.Transport,
        Transport =
        {
            ClientCredentialType = HttpClientCredentialType.Basic,
            ProxyCredentialType = HttpProxyCredentialType.None
        },
        Message =
        {
            ClientCredentialType = BasicHttpMessageCredentialType.UserName,
            AlgorithmSuite = SecurityAlgorithmSuite.Default
        }
    }
};
var client = new WebServiceClient(binding, endpoint);
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
But it doesn't seem to send the Auth Header correctly.
I've also tried adding the header manually as outlined by http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4f8ab001-dafa-4347-bc41-95255ecc9230, but I am not satisfied that this is the best solution.
Can any WCF expert outline a way of creating a binding programmatically that supports SSL + Soap 1.1 + Basic Auth?
Following is the header sent with WCF
System.Net Information: 0 : [13620] ConnectStream#64929093 - Sending headers
{
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://api.test.com/services/GetThings"
Host: api.test.com
Content-Length: 552
Expect: 100-continue
Accept-Encoding: gzip, deflate
}
While this is the proper header sent by SoapUI
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "SOAPAction: "http://api.test.com/services/GetThings"[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Authorization: Basic bXliVlcHJpbQbWwOTkxMjg=[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Content-Length: 317[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Host: api.test.com[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
Mon May 13 15:33:08 EDT 2013:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"

SSLSocket blocks mostly over 3G but works over wifi

I have a very strange problem regarding networking. I created an Android app which connects securely to a server running on a PC. Note that though the PC is behind NAT, the respective port has been forwarded. Also PC was placed into DMZ to avoid any port forwarding issue.
The problem is that when I use the code over WIFI, it works perfectly, however, over 3G it almost always (29 out of 30) blocks in the SSLSocket's getOutputStream method (on server side the accept happens).
Can you please assist me what the issue can be?
Thank you
Client code:
E.log("establishing connection: trying to create context");
SSLContext context = SSLContext.getInstance("TLS");
// Trust manager with empty checks: every certificate chain is accepted,
// so the server is not authenticated.
context.init(null, new X509TrustManager[] { new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {}
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
} }, new SecureRandom());
E.log("establishing connection: trying to create socket factory");
SSLSocketFactory factory = (SSLSocketFactory) context.getSocketFactory();
E.log("establishing connection: trying to create socket");
kkSocket = (SSLSocket)
        factory.createSocket(host, Integer.parseInt(port));
E.log("establishing connection: trying to create out writer");
out = new PrintWriter(kkSocket.getOutputStream(), true);
E.log("establishing connection: trying to create in reader");
in = new BufferedReader(new InputStreamReader(
        kkSocket.getInputStream()));
Failing log:
04-15 00:07:59.066: E/Bubu(17340): starting thread
04-15 00:07:59.076: I/System.out(17340): Mon Apr 15 00:07:59 CEST 2013 - establishing connection: trying to create context
04-15 00:07:59.076: I/System.out(17340): Mon Apr 15 00:07:59 CEST 2013 - establishing connection: trying to create socket factory
04-15 00:07:59.076: I/System.out(17340): Mon Apr 15 00:07:59 CEST 2013 - establishing connection: trying to create socket
04-15 00:07:59.146: D/dalvikvm(17340): GC_CONCURRENT freed 190K, 5% free 7530K/7880K, paused 4ms+2ms, total 23ms
04-15 00:08:01.056: I/System.out(17340): Mon Apr 15 00:08:01 CEST 2013 - establishing connection: trying to create out writer
Success:
04-15 00:13:15.506: E/Bubu(17750): starting thread
04-15 00:13:15.526: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - establishing connection: trying to create context
04-15 00:13:15.536: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - establishing connection: trying to create socket factory
04-15 00:13:15.536: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - establishing connection: trying to create socket
04-15 00:13:15.556: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - establishing connection: trying to create out writer
04-15 00:13:15.746: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - establishing connection: trying to create in reader
04-15 00:13:15.746: I/System.out(17750): Mon Apr 15 00:13:15 CEST 2013 - from server:bubu