Missing basic authentication header


We are using the latest community version of mendelson: Version 01/2021 mendelson opensource AS2 1.1 b59.

We have a partner that uses Basic Authentication apart from encryption and SSL verification, after debugging the connection using a reverse proxy we found out that the latest version of mendelson introduced a bug and isn´t adding the Basic Authentication header.

Apart from that, the hint is also confusing, if we disable the authentication configuration Mendelson displays the correct error message (error 401) but if we enable the authentication configuration the error is: "[ClientProtocolException]...Hint:This is a mainly a negotiation problem on the protocol level. Your partner rejected your connection.
Either your partner expected a secure connection (HTTPS) and you tried a raw connection (HTTP) or vice versa.
It is also possible that your partner expects an other SSL/TLS protocol version or cipher than you offer." even when the username and password are empty.

By using a reverse proxy we could detect that the problem was in the missing basic authentication header and were receiving an error 401.




For now i downgraded to build 57 that doesn´t have the issue and it is working. It adds the Basic Authentication header.

Profile picture for user service


thank you for the feedback. In fact we used Basic Authentication which makes no sense in AS2 but needed preemtive Basic Authentication. This has been fixed for the next release.