Issue
A Google search reveals a bug in jdk11.0.2 but I upgraded to jdk11.0.3 and this still exists for me.
Steps to reproduce
- git clone https://github.com/deanhiller/webpieces.git
- add the line "org.gradle.java.home=/Library/Java/JavaVirtualMachines/jdk-11.0.3.jdk/Contents/Home" to ~/.gradle/gradle.properties to set jdk to 11.0.3
- run ./gradlew :core:core-asyncserver:test from webpieces directory
The test case hangs and in the logs, it shows
Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:945)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:934)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1224)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1160)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:849)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
at org.webpieces.ssl.impl.AsyncSSLEngine2Impl.createRunnable(AsyncSSLEngine2Impl.java:94)
... 12 common frames omitted
Should I file another JDK bug, or does anyone have any thoughts?
JDK bug that is resolved/related: https://bugs.openjdk.java.net/browse/JDK-8211426
Note that this fixes it for some reason:
System.setProperty("jdk.tls.server.protocols", "TLSv1.2");
Hmmm, does anyone know how to generate a self-signed certificate that works for TLSv1.2 and TLSv1.3?
Solution
Assuming it is the issue that is linked and not another issue around TLS 1.3.
Your certificate is using the DSA algorithm, which was deprecated a while ago in favor of RSA and is not supported at all in TLS 1.3. Make sure to create RSA certificates instead.
It seems that not-so-old versions of the Java keytool might have created DSA certificates by default... an unfortunate default. You can use this command to verify a certificate type.
openssl x509 -in certificate.crt -text
Certificate:
...
Signature Algorithm: dsa_with_SHA256
...
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
Answered By - user5994461
Answer Checked By - Pedro (JavaFixing Volunteer)
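Added example, not part of the original question or answer: a shell sketch that creates a self-signed RSA keystore with keytool and classifies a certificate's key type from the same `openssl x509 -text` output shown in the answer. It assumes `keytool` and `openssl` are on the PATH; the function names, alias, keystore path, password and CN are hypothetical.

```shell
#!/bin/sh
# Added example. Function names, alias, paths, password and CN are hypothetical.

# Print the "Public Key Algorithm" field from an `openssl x509 -text` dump on stdin.
cert_key_algorithm() {
    awk -F': *' '/Public Key Algorithm:/ && !seen { print $2; seen = 1 }'
}

# Map that field to a verdict for a certificate a TLS 1.3 server has to present.
tls13_verdict() {
    case "$1" in
        dsaEncryption)                echo "unusable-in-tls13" ;;  # the case on this page
        rsaEncryption|id-ecPublicKey) echo "ok" ;;
        *)                            echo "unknown" ;;           # not classified here
    esac
}

# Create a self-signed RSA key pair, naming the algorithm explicitly instead of
# relying on the keytool default: make_rsa_keystore <keystore> <alias> <password>
make_rsa_keystore() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 365 -dname "CN=localhost" \
        -storetype PKCS12 -keystore "$1" -storepass "$3"
}

# Key algorithm and verdict for one entry: keystore_verdict <keystore> <alias> <password>
keystore_verdict() {
    alg=$(keytool -exportcert -rfc -alias "$2" -keystore "$1" -storepass "$3" |
        openssl x509 -noout -text | cert_key_algorithm)
    echo "$alg $(tls13_verdict "$alg")"
}

# Run as `sh check.sh demo` to build a throwaway keystore and check it.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_rsa_keystore "$dir/server.p12" server changeit
    keystore_verdict "$dir/server.p12" server changeit
    rm -rf "$dir"
fi
```

Running `keystore_verdict` against the keystore the failing test actually loads shows whether the DSA explanation applies before changing any protocol settings.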