Config Server fails to pull HTTPS Git repo via a proxy

[maximilianro]

Describe the bug

The Spring Cloud Config Server fails to pull a HTTPS Git backend via a proxy. I came across the issue when upgrading from Spring Boot 2.5.7 to 2.6.3 (and Spring Cloud 2020.0.4 to 2021.0.0).
The issue occurs only with Spring Boot 2.6.x and Spring Cloud 2021.x.x. The underlying jgit-module throws a SSLException (full stacktrace see below). When reverting to Spring Boot 2.5.7 and Spring Cloud 2020.0.4, the config server can retrieve the HTTPS repo via the proxy with the same configuration. Was there some change regarding the proxy configuration? I checked the documentation but did not see any changes.

Sample

How to reproduce locally:

1. Run a simple HTTPS proxy server locally (e.g. squid using docker): docker run --name proxy -d -e TZ=UTC -p 3128:3128 ubuntu/squid. I verified that a SSL handshake is possible via the proxy with openssl s_client -proxy 127.0.0.1:3128 -connect github.com -prexit and tested the request to https://github.com/spring-cloud-samples/config-repo.git via the proxy.
2. Create a Spring 2.6.3-application using the Spring Initializr including the Config Server.
3. Add the @EnableConfigServer-Annotation to the application.
4. Add the following application.yml

spring:
  cloud:
    config:
      server:
        git:
        composite:
          - type: git
            uri: https://github.com/spring-cloud-samples/config-repo.git
            default-label: main
            searchPaths: /*
            clone-on-start: true
            refreshRate: 60
            proxy:
              https:
                host: localhost
                port: 3128

5. Run the application with the composite-profile
6. The application fails to start.
7. Change Spring Boot version to 2.5.7 and Spring Cloud version 2020.0.4
8. The application will start and pull the repo via the proxy.

Logs

The full logs of the application run:

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.6.3)

2022-02-14 11:53:22.502  INFO 2132 --- [           main] com.example.demo.DemoApplication         : Starting DemoApplication using Java 17.0.1 on with PID xxx
2022-02-14 11:53:22.503  INFO 2132 --- [           main] com.example.demo.DemoApplication         : The following profiles are active: composite
2022-02-14 11:53:22.923  INFO 2132 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=xxx
2022-02-14 11:53:23.091  INFO 2132 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2022-02-14 11:53:23.096  INFO 2132 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2022-02-14 11:53:23.096  INFO 2132 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.56]
2022-02-14 11:53:23.171  INFO 2132 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2022-02-14 11:53:23.171  INFO 2132 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 644 ms
2022-02-14 11:53:23.647  WARN 2132 --- [           main] .c.s.e.MultipleJGitEnvironmentRepository : Error occured cloning to base directory.

org.eclipse.jgit.api.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:224) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:303) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:178) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:658) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.initClonedRepository(JGitEnvironmentRepository.java:363) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.afterPropertiesSet(JGitEnvironmentRepository.java:284) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentRepository.afterPropertiesSet(MultipleJGitEnvironmentRepository.java:66) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1863) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1800) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1607) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1571) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1460) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1347) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1309) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:541) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:953) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.15.jar:5.3.15]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.15.jar:5.3.15]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:414) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:302) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292) ~[spring-boot-2.6.3.jar:2.6.3]
	at com.example.demo.DemoApplication.main(DemoApplication.java:12) ~[main/:na]
Caused by: org.eclipse.jgit.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:749) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:142) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:94) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1309) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:213) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	... 41 common frames omitted
Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
	at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:451) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:175) ~[na:na]
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) ~[na:na]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:401) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
	at org.eclipse.jgit.transport.http.apache.HttpClientConnection.execute(HttpClientConnection.java:274) ~[org.eclipse.jgit.http.apache-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.http.apache.HttpClientConnection.getResponseCode(HttpClientConnection.java:251) ~[org.eclipse.jgit.http.apache-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:205) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:654) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	... 46 common frames omitted

2022-02-14 11:53:23.648  WARN 2132 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchPathCompositeEnvironmentRepository' defined in class path resource [org/springframework/cloud/config/server/config/CompositeRepositoryConfiguration.class]: Unsatisfied dependency expressed through method 'searchPathCompositeEnvironmentRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'git-env-repo0': Invocation of init method failed; nested exception is org.eclipse.jgit.api.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
2022-02-14 11:53:23.650  INFO 2132 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
2022-02-14 11:53:23.659  INFO 2132 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-02-14 11:53:23.676 ERROR 2132 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchPathCompositeEnvironmentRepository' defined in class path resource [org/springframework/cloud/config/server/config/CompositeRepositoryConfiguration.class]: Unsatisfied dependency expressed through method 'searchPathCompositeEnvironmentRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'git-env-repo0': Invocation of init method failed; nested exception is org.eclipse.jgit.api.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:800) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:541) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:953) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.15.jar:5.3.15]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.15.jar:5.3.15]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:414) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:302) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303) ~[spring-boot-2.6.3.jar:2.6.3]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292) ~[spring-boot-2.6.3.jar:2.6.3]
	at com.example.demo.DemoApplication.main(DemoApplication.java:12) ~[main/:na]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'git-env-repo0': Invocation of init method failed; nested exception is org.eclipse.jgit.api.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1804) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1607) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1571) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1460) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1347) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1309) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791) ~[spring-beans-5.3.15.jar:5.3.15]
	... 19 common frames omitted
Caused by: org.eclipse.jgit.api.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:224) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:303) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:178) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:658) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.initClonedRepository(JGitEnvironmentRepository.java:363) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.afterPropertiesSet(JGitEnvironmentRepository.java:284) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentRepository.afterPropertiesSet(MultipleJGitEnvironmentRepository.java:66) ~[spring-cloud-config-server-3.1.0.jar:3.1.0]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1863) ~[spring-beans-5.3.15.jar:5.3.15]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1800) ~[spring-beans-5.3.15.jar:5.3.15]
	... 33 common frames omitted
Caused by: org.eclipse.jgit.errors.TransportException: https://github.com/spring-cloud-samples/config-repo.git: cannot open git-upload-pack
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:749) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:142) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:94) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1309) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:213) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	... 41 common frames omitted
Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
	at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:451) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:175) ~[na:na]
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) ~[na:na]
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) ~[na:na]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:401) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.13.jar:4.5.13]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
	at org.eclipse.jgit.transport.http.apache.HttpClientConnection.execute(HttpClientConnection.java:274) ~[org.eclipse.jgit.http.apache-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.http.apache.HttpClientConnection.getResponseCode(HttpClientConnection.java:251) ~[org.eclipse.jgit.http.apache-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:205) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:654) ~[org.eclipse.jgit-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
	... 46 common frames omitted


Process finished with exit code 1

[ryanjbaxter]

Can you try using Spring Cloud 2020.0.6-SNAPSHOT and see if you can reproduce the problem?

I think this change might be the cause
https://github.com/spring-cloud/spring-cloud-config/pull/1986/files

[maximilianro]

The issue also occurs with 2020.0.5 and 2020.0.5-SNAPSHOT. I could not find 2020.0.6-SNAPSHOT here (https://repo.spring.io), where can I get it?

[ryanjbaxter]

Sorry, I meant 2020.0.5-SNAPSHOT.

I think the reason you see this is because now we are actually using HTTPS with the proxy where before we had a bug where we weren't
https://github.com/spring-cloud/spring-cloud-config/pull/1986/files#diff-39b5cf1aeed9f1c44471802d4db02997b27c71475eda4071b5d65113385df427L49

Maybe it has to do with the ssl certificate of the proxy?

[maximilianro]

Thank you for your response, I think I understand the issue now. The proxy I am using can handle HTTP and HTTPS on the outgoing side, but only accepts HTTP on the incoming side.

Until now, it was working like this: Config-Server <--HTTP--> Proxy <--HTTPS--> Backend.

Is it possible to configure the config server to resolve HTTPS-backends with a HTTP proxy ? I tried to specify a http:-proxy config instead of a https:-config, but then all HTTPS-backends are not routed via the proxy.

For example with env variables, curl is able to do this:

1. Use an HTTP proxy to retrieve HTTP and HTTPS backends:

http_proxy=http://proxy:port
https_proxy=http://proxy:port

2. Use an HTTPS proxy to retrieve HTTP and HTTPS backends:

http_proxy=https://proxy:port
https_proxy=https://proxy:port

Something similar was asked here https://serverfault.com/questions/817680/https-through-an-http-only-proxy/817684

[ryanjbaxter]

From what I remember we determine the proxy configuration based on the scheme of the target. So if the git repo is using https we will use https proxy settings (after the above fix). I believe you are asking if we could say to use the http proxy instead, right?

[maximilianro]

Yes, that's right.

So that with this configuration, the Config Server contacts the proxy via HTTP to resolve the HTTPS backend
(Config-Server <--HTTP--> Proxy <--HTTPS--> Backend.).

spring:
  cloud:
    config:
      server:
        git:
        composite:
          - type: git
            uri: https://github.com/spring-cloud-samples/config-repo.git
            default-label: main
            proxy:
              http:
                host: localhost
                port: 3128