1

This might be a bug for corretto 11. But before i file one of those i'm hoping someone can peer review my findings. Downloading the most recent corretto 11 jdk for windows: https://corretto.aws/downloads/latest/amazon-corretto-11-x64-windows-jdk.zip And then running a simple single file program that uses a HttpUrlConnection:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class Main {

    public static void main(String[] args) throws IOException {
        HttpURLConnection conn = null;

        final URL url = new URL("https://www.google.com");

        conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("GET");
        conn.setRequestProperty("content-type", "application/json");

        conn.setDoInput(true);
        conn.setDoOutput(true);

        final int statusCode = conn.getResponseCode();
        final boolean goodResponseCode = statusCode < HttpURLConnection.HTTP_BAD_REQUEST;
        final InputStream inputStream;
        if (goodResponseCode) {
            inputStream = conn.getInputStream();
        } else {
            inputStream = conn.getErrorStream();
        }

        final String responseString = inputStreamToString(inputStream);
        System.out.println(responseString);
    }

    public static String inputStreamToString(final InputStream inputStream) {
        final StringBuilder sb = new StringBuilder();
        try (InputStreamReader reader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
             BufferedReader rd = new BufferedReader(reader)) {
            String line;
            while ((line = rd.readLine()) != null) {
                sb.append(line);
            }
        }
        catch (IOException e) {
            throw new RuntimeException(e);
        }
        return sb.toString();
    }
}

this works fine. And i see my response. (yes i know its not json)

However, when i run jlink to create a jre with this command, then target the java inside the smaller jre to run my program:

jlink --no-header-files --no-man-pages --module-path jdk/jmods --add-modules java.base,java.compiler,java.management.rmi,java.net.http,java.prefs,java.scripting,java.security.jgss,java.security.sasl,java.sql.rowset,jdk.httpserver,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom --output jre

I get this error:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
        at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
        at java.base/sun.net.www.pr

I realize I don't need that many modules from the jdk to do this simple program, but i've tried to create a minimal working example of the bug while still using the same jlink command i use for my business purpose.

I learned a lot of history from this related SO post: Since OpenJDk Java 11 getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure However it being 2 years old gives me the impression this would no longer be an issue. Did any of the java 11 vendors backport a fix? Is hope for a fix in java 11 unrealistic now?

janst
  • 102
  • 10
  • Possible duplicate of https://stackoverflow.com/q/72415805/6395627 – Slaw Aug 05 '22 at 06:22
  • thanks that pointed me in the right direction. But seeing as my post has a minimal reproducible example i'll leave it here to see if its helpful. – janst Aug 05 '22 at 06:36
  • If you agree that it's a duplicate then I can close it as such. If you used a different solution then feel free to post an answer, even if your solution is inspired by the not-quite-a-duplicate. – Slaw Aug 05 '22 at 06:38
  • My only worry is the title on the other one isn't very indicative of the issue. I didn't find it when creating this one. Or by searching for most of a day for an answer on SO. – janst Aug 05 '22 at 15:41
  • One of the purposes of marking a question as a duplicate is to help people find the answer even if they word their question differently. Was your solution exactly the same as the other Q&A (i.e., add `jdk.crypto.cryptoki` and/or `jdk.crypto.ec` to `--add-modules`)? Or did you do something different? If the former, I'll close as a duplicate; if the latter, I suggest you post an answer detailing your own solution. – Slaw Aug 06 '22 at 07:33
  • Yes, i just added those modules and that resolved my issue. – janst Aug 08 '22 at 15:37

0 Answers0