5

Im using Spring RestTemplate to make rest call to another service (NodeJS service). Intermittently getting connection reset errors. Same code was working fine with JDK 8 and Spring boot 2.0.1, after upgrading to Amazon Corretto JDK 11 and Spring boot 2.1.5, started seeing this issue.

Caused by: javax.net.ssl.SSLException: Connection reset
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:127)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
        at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1314)

Suppressed Exception:

org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:735)
        ... 143 common frames omitted
        Suppressed: java.net.SocketException: Broken pipe (Write failed)
                at java.base/java.net.SocketOutputStream.socketWrite0(Native Method)
                at java.base/java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:110)
                at java.base/java.net.SocketOutputStream.write(SocketOutputStream.java:150)

Some blogs mentioned that JDK 11 had issue with TLS1.3

  1. Tried setting up with -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
  2. Tried setting SocketFactory with these protocols to RestTemplate.
  3. Tried increasing socketTimeout for reset client.

Still no luck.

#Code:#

HttpHeaders headers = new HttpHeaders();
headers.set(AUTHORIZATION, getHeader());
headers.set(OAuth2AccessToken.ACCESS_TOKEN, token);
HttpEntity<String> entity = new HttpEntity<String>(headers);
ResponseEntity<Object> resEntity = null;
resEntity = this.restTemplate.exchange(checkTokenEndpointUrl, 
HttpMethod.GET, entity, Object.class);

It should not throw intermittent connection reset error

M. Deinum
  • 115,695
  • 22
  • 220
  • 224
Nagendran Alagesan
  • 51
  • 1
  • 4
  • Possible duplicate of [JDK 11 SSL Error on valid certificate (working in previous versions)](https://stackoverflow.com/questions/52016415/jdk-11-ssl-error-on-valid-certificate-working-in-previous-versions) – soorapadman Aug 23 '19 at 04:48
  • 1
    I am not getting ssl handshake exception. My issue is different here. It is occurring intermittently. – Nagendran Alagesan Aug 23 '19 at 18:20

2 Answers2

7

We got similar issue after adding org.apache.httpcomponents:httpclient in the classpath. This changed implicitly the RestTemplate request factory from SimpleClientHttpRequestFactory to HttpComponentsClientHttpRequestFactory.

Specifying explicilty SimpleClientHttpRequestFactory as request factory solved the problem :

restTemplate.setRequestFactory(new SimpleClientHttpRequestFactory());
Bhargav Rao
  • 50,140
  • 28
  • 121
  • 140
Miroof
  • 79
  • 1
  • 2
1

We saw a similar issue using fluent and its connection pool.

Our easiest work-around was to limit the keep-alive strategy in the connection pool to 90 seconds and the problem disappeared. This leads me to believe that a connection that is no longer open appears open, is handed off to be used, but upon usage it no longer is open and blows up.

Obviously this cost a bit more as you increase how often you're dealing with handshake's etc, but you also decrease your connection reset issues.

Kingpin2k
  • 47,277
  • 10
  • 78
  • 96