jdk8u ssl connection issue
Prasadrao Koppula
prasadarao.koppula at oracle.com
Tue Sep 21 13:58:45 UTC 2021
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.933
>EDT|SSLConfiguration.java:450|System property jdk.tls.client.SignatureSchemes
>is set to
>'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_
>128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RS
>A_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA
>_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_
>WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256'
These are Ciphersuites not signature schemes.
Thanks,
Prasad.K
>-----Original Message-----
>From: jdk8u-dev [mailto:jdk8u-dev-retn at openjdk.java.net] On Behalf Of Wan,
>Thomas
>Sent: Tuesday, September 21, 2021 6:53 PM
>To: Bernd Eckenfels <ecki at zusammenkunft.net>; jdk8u-dev at openjdk.java.net
>Subject: RE: jdk8u ssl connection issue
>
>One step further, I added all SignatureSchemes Supported in the server by
>running nmap, here is the error I got
>
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.933
>EDT|SSLConfiguration.java:450|System property jdk.tls.client.SignatureSchemes
>is set to
>'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_
>128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RS
>A_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA
>_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_
>WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256'
>javax.net.ssl|WARNING|01|main|2021-09-21 09:21:53.965
>EDT|SignatureScheme.java:297|Signature algorithm, ed25519, is not supported
>by the underlying providers
>javax.net.ssl|WARNING|01|main|2021-09-21 09:21:53.965
>EDT|SignatureScheme.java:297|Signature algorithm, ed448, is not supported by
>the underlying providers
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_RSA_WITH_AES_128_GCM_SHA256
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_RSA_WITH_AES_128_CBC_SHA
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_RSA_WITH_AES_128_CBC_SHA256
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_RSA_WITH_AES_256_CBC_SHA
>javax.net.ssl|FINE|01|main|2021-09-21 09:21:53.980
>EDT|SSLConfiguration.java:478|The current installed providers do not support
>signature scheme: TLS_RSA_WITH_AES_256_CBC_SHA256
>
>From: Bernd Eckenfels <ecki at zusammenkunft.net>
>Sent: Tuesday, September 21, 2021 7:52 AM
>To: Wan, Thomas <xwan at mtb.com>; jdk8u-dev at openjdk.java.net
>Subject: Re: jdk8u ssl connection issue
>
>External Email: Use caution & trust the source before clicking links or opening
>attachments.
>
>Hello,
>
>I don't see any other changes in 212 besides a PKCS11 change for Tls1.2 which
>should not be the case, also it looks like this version re-enabled the Renegotiation
>signaling cipher, that should not be a problem but you never know.
>
>Can you compare the client Hello of a working 1.2 and a failed 1.2 handshake to
>see which ciphers and extensions differ?
>
>Gruss
>Bernd
>--
>http://bernd.eckenfels.net<https://urldefense.com/v3/__http:/bernd.eckenfels.
>net__;!!BqwCqLE!bf7MeZ9guvMDJw7EyXt8rMZQl3k3j6Usxq5vpoEbcwAOZWq
>wP6XhG5TqVg$>
>________________________________
>Von: Wan, Thomas <xwan at mtb.com<mailto:xwan at mtb.com>>
>Gesendet: Dienstag, September 21, 2021 1:40 PM
>An: Bernd Eckenfels; jdk8u-dev at openjdk.java.net<mailto:jdk8u-
>dev at openjdk.java.net>
>Betreff: jdk8u ssl connection issue
>
>Hi Bernd,
>
>It does work with TLS1.1.
>
>But in jdk8u202, it works with 1.2 as well.
>
>All newer jdk8s or jdk 11, it seems I can make it work with TLS 1.1, but that is not
>as secure as TLS1.2 any more.
>
>
>From: Bernd Eckenfels
><ecki at zusammenkunft.net<mailto:ecki at zusammenkunft.net>>
>Sent: Tuesday, September 21, 2021 7:32 AM
>To: Wan, Thomas <xwan at mtb.com<mailto:xwan at mtb.com>>; jdk8u-
>dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net>
>Subject: Re: Welcome to the "jdk8u-dev" mailing list (Digest mode)
>
>External Email: Use caution & trust the source before clicking links or opening
>attachments.
>
>Hello,
>
>You cannot see the reason on your side. You need to check the other side.
>
>However seeing that your client only propose TLSv1.2 that's a likely candidate,
>maybe you need to re-enable TLS 1.1. that,,happened with 8u291 in Oracle
>according to this: https://java.com/en/jre-jdk-
>cryptoroadmap.html<https://urldefense.com/v3/__https:/java.com/en/jre-jdk-
>cryptoroadmap.html__;!!BqwCqLE!d-
>dTl_HcI0nyzMPCZv64BZsMVyqJ2KoLDnij_FJM_sh3iXEJB_wuZCetGA$>
>
>https://java.com/en/configure_crypto.html#DisableTLS<https://urldefense.com/
>v3/__https:/java.com/en/configure_crypto.html*DisableTLS__;Iw!!BqwCqLE!d-
>dTl_HcI0nyzMPCZv64BZsMVyqJ2KoLDnij_FJM_sh3iXEJB_wqm3xAAQ$>
>
>Gruss
>Bernd
>
>
>--
>http://bernd.eckenfels.net<https://urldefense.com/v3/__http:/bernd.eckenfels.
>net__;!!BqwCqLE!d-
>dTl_HcI0nyzMPCZv64BZsMVyqJ2KoLDnij_FJM_sh3iXEJB_zOzicwQw$>
>________________________________
>Von: Wan, Thomas <xwan at mtb.com<mailto:xwan at mtb.com>>
>Gesendet: Tuesday, September 21, 2021 1:14:35 PM
>An: Bernd Eckenfels
><ecki at zusammenkunft.net<mailto:ecki at zusammenkunft.net>>; jdk8u-
>dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net> <jdk8u-
>dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net>>
>Betreff: RE: Welcome to the "jdk8u-dev" mailing list (Digest mode)
>
>
>Here is my debug log
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|ClientHello.java:633|Produced ClientHello handshake message (
>
>"ClientHello": {
>
> "client version" : "TLSv1.2",
>
> "random" : "B5 DF 63 90 04 66 83 D7 28 D2 8E 01 2B BB 91 26 EA EF DB
>B0 AC CF AE D8 3E 4E DF 1C 82 DB 01 D0",
>
> "session id" : "",
>
> "cipher suites" :
>"[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),
>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),
>TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D),
>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E),
>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032),
>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F),
>TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3),
>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
>TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
>TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028),
>TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D),
>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026),
>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A),
>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B),
>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A),
>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A),
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014),
>TLS_RSA_WITH_AES_256_CBC_SHA(0x0035),
>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005),
>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F),
>TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039),
>TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038),
>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
>TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
>TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
>TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
>TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
>TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
>
> "compression methods" : "00",
>
> "extensions" : [
>
> "server_name (0)": {
>
> type=host_name (0), value=unbale.mandtbank.com
>
> },
>
> "status_request (5)": {
>
> "certificate status type": ocsp
>
> "OCSP status request": {
>
> "responder_id": <empty>
>
> "request extensions": {
>
> <empty>
>
> }
>
> }
>
> },
>
> "supported_groups (10)": {
>
> "versions": [secp256r1, secp384r1, secp521r1, sect283k1, sect283r1,
>sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048, ffdhe3072,
>ffdhe4096, ffdhe6144, ffdhe8192]
>
> },
>
> "ec_point_formats (11)": {
>
> "formats": [uncompressed]
>
> },
>
> "signature_algorithms (13)": {
>
> "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
>ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
>rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384,
>rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,
>dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
>
> },
>
> "signature_algorithms_cert (50)": {
>
> "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
>ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
>rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384,
>rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,
>dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
>
> },
>
> "status_request_v2 (17)": {
>
> "cert status request": {
>
> "certificate status type": ocsp_multi
>
> "OCSP status request": {
>
> "responder_id": <empty>
>
> "request extensions": {
>
> <empty>
>
> }
>
> }
>
> }
>
> },
>
> "extended_master_secret (23)": {
>
> <empty>
>
> },
>
> "supported_versions (43)": {
>
> "versions": [TLSv1.2]
>
> }
>
> ]
>
>}
>
>)
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketOutputRecord.java:241|WRITE: TLS12 handshake, length = 311
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketOutputRecord.java:255|Raw write (
>
> 0000: 16 03 03 01 37 01 00 01 33 03 03 B5 DF 63 90 04 ....7...3....c..
>
> 0010: 66 83 D7 28 D2 8E 01 2B BB 91 26 EA EF DB B0 AC f..(...+..&.....
>
> 0020: CF AE D8 3E 4E DF 1C 82 DB 01 D0 00 00 56 C0 2C ...>N........V.,
>
> 0030: C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 A3 C0 2F .+.0.....2...../
>
> 0040: 00 9C C0 2D C0 31 00 9E 00 A2 C0 24 C0 28 00 3D ...-.1.....$.(.=
>
> 0050: C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 .&.*.k.j.....5..
>
> 0060: C0 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 ...9.8.#.'.<.%.)
>
> 0070: 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33
>.g. at ...../.....3<mailto:.g. at ...../.....3>
>
> 0080: 00 32 00 FF 01 00 00 B4 00 00 00 19 00 17 00 00 .2..............
>
> 0090: 14 75 6E 62 61 6C 65 2E 6D 61 6E 64 74 62 61 6E .unbale.mandtban
>
> 00A0: 6B 2E 63 6F 6D 00 05 00 05 01 00 00 00 00 00 0A k.com...........
>
> 00B0: 00 20 00 1E 00 17 00 18 00 19 00 09 00 0A 00 0B . ..............
>
> 00C0: 00 0C 00 0D 00 0E 00 16 01 00 01 01 01 02 01 03 ................
>
> 00D0: 01 04 00 0B 00 02 01 00 00 0D 00 22 00 20 04 03 ...........". ..
>
> 00E0: 05 03 06 03 08 04 08 05 08 06 08 09 08 0A 08 0B ................
>
> 00F0: 04 01 05 01 06 01 04 02 02 03 02 01 02 02 00 32 ...............2
>
> 0100: 00 22 00 20 04 03 05 03 06 03 08 04 08 05 08 06 .". ............
>
> 0110: 08 09 08 0A 08 0B 04 01 05 01 06 01 04 02 02 03 ................
>
> 0120: 02 01 02 02 00 11 00 09 00 07 02 00 04 00 00 00 ................
>
> 0130: 00 00 17 00 00 00 2B 00 03 02 03 03 ......+.....
>
>)
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketInputRecord.java:451|Raw read: EOF
>
>javax.net.ssl|ERROR|01|main|2021-09-21 07:12:50.960
>EDT|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Couldn't
>kickstart handshaking (
>
>"throwable" : {
>
> javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1321)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1160)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.j
>ava:1063)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:40
>2)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:7
>16)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImp
>l.java:970)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImp
>l.java:942)
>
> at xxxx.main(SSLPoke.java:53)
>
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>
> at
>java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.j
>ava:167)
>
> at
>java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>
> ... 6 more}
>
>
>
>)
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketOutputRecord.java:71|WRITE: TLS12 alert(handshake_failure),
>length = 2
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketOutputRecord.java:85|Raw write (
>
> 0000: 15 03 03 00 02 02 28 ......(
>
>)
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketImpl.java:1361|close the underlying socket
>
>javax.net.ssl|DEBUG|01|main|2021-09-21 07:12:50.960
>EDT|SSLSocketImpl.java:1380|close the SSL connection (initiative)
>
>javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1321)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1160)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.j
>ava:1063)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:40
>2)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:7
>16)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImp
>l.java:970)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImp
>l.java:942)
>
> at xxx.main(SSLPoke.java:53)
>
>Caused by: java.io.EOFException: SSL peer shut down incorrectly
>
> at
>java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.j
>ava:167)
>
> at
>java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
>
> at
>java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>
> ... 6 more
>
>
>
>From: Bernd Eckenfels
><ecki at zusammenkunft.net<mailto:ecki at zusammenkunft.net>>
>Sent: Tuesday, September 21, 2021 7:07 AM
>To: Wan, Thomas <xwan at mtb.com<mailto:xwan at mtb.com>>; jdk8u-
>dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net>
>Subject: Re: Welcome to the "jdk8u-dev" mailing list (Digest mode)
>
>
>
>External Email: Use caution & trust the source before clicking links or opening
>attachments.
>
>
>
>It normally means the peer does not like your cipher or protocol selection or
>maybe the peer has a wrongly configured certificate. The actual reason why the
>peer shuts down the connection so unclear should be logged on the remote site.
>
>
>
>
>
>--
>
>http://bernd.eckenfels.net<https://urldefense.com/v3/__http:/bernd.eckenfels.
>net__;!!BqwCqLE!Y6RvFBCm67VJZMyI3xEFyrnkbVOMiME93Jmn5Uw9t-
>vd7fVNT6ajpBkkdQ$>
>
>________________________________
>
>Von: jdk8u-dev <jdk8u-dev-retn at openjdk.java.net<mailto:jdk8u-dev-
>retn at openjdk.java.net>> im Auftrag von Wan, Thomas
><xwan at mtb.com<mailto:xwan at mtb.com>>
>Gesendet: Tuesday, September 21, 2021 1:02:05 PM
>An: jdk8u-dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net> <jdk8u-
>dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net>>
>Betreff: FW: Welcome to the "jdk8u-dev" mailing list (Digest mode)
>
>
>
>It seems jdk8u202 was working well with ldap ssl.
>
>Since then all other jdk 8 release has the same error as below, any idea what is
>wrong?
>I compared the source code, it seems sun.security package has been changed a
>lot since jdk8u202
>
>javax.net.ssl|FINE|01|main|2021-09-21 07:00:24.874
>EDT|SSLSocketImpl.java:1629|close the SSL connection (initiative)
>javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
> at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1570)
> at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1400)
> at
>sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
> at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:813)
> at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:73)
> at
>sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:117
>5)
> at
>sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:114
>7)
> at com.mtb.cwp.SSLPoke.main(SSLPoke.java:53)
>Caused by: java.io.EOFException: SSL peer shut down incorrectly
> at
>sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109)
> at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
> ... 7 more
>
>-----Original Message-----
>From: jdk8u-dev <jdk8u-dev-retn at openjdk.java.net<mailto:jdk8u-dev-
>retn at openjdk.java.net>> On Behalf Of jdk8u-dev-
>request at openjdk.java.net<mailto:jdk8u-dev-request at openjdk.java.net>
>Sent: Tuesday, September 21, 2021 6:59 AM
>To: Wan, Thomas <xwan at mtb.com<mailto:xwan at mtb.com>>
>Subject: Welcome to the "jdk8u-dev" mailing list (Digest mode)
>
>External Email: Use caution & trust the source before clicking links or opening
>attachments.
>
>Welcome to the jdk8u-dev at openjdk.java.net<mailto:jdk8u-
>dev at openjdk.java.net> mailing list!
>
>To post to this list, send your message to:
>
> jdk8u-dev at openjdk.java.net<mailto:jdk8u-dev at openjdk.java.net>
>
>General information about the mailing list is at:
>
>
>https://urldefense.com/v3/__https://mail.openjdk.java.net/mailman/listinfo/jdk
>8u-
>dev__;!!BqwCqLE!ZIO_EEHQrFS7E_OnoJLCXeaPg3yGs34eHn1NDQe90P94kowG
>3GLURaDcAw$<https://urldefense.com/v3/__https:/mail.openjdk.java.net/mail
>man/listinfo/jdk8u-
>dev__;!!BqwCqLE!ZIO_EEHQrFS7E_OnoJLCXeaPg3yGs34eHn1NDQe90P94kowG
>3GLURaDcAw$>
>
>If you ever want to unsubscribe or change your options (eg, switch to or from
>digest mode, change your password, etc.), visit your subscription page at:
>
>
>https://urldefense.com/v3/__https://mail.openjdk.java.net/mailman/options/jd
>k8u-
>dev/xwan*40mtb.com__;JQ!!BqwCqLE!ZIO_EEHQrFS7E_OnoJLCXeaPg3yGs34e
>Hn1NDQe90P94kowG3GLAPC2SIg$<https://urldefense.com/v3/__https:/mail.o
>penjdk.java.net/mailman/options/jdk8u-
>dev/xwan*40mtb.com__;JQ!!BqwCqLE!ZIO_EEHQrFS7E_OnoJLCXeaPg3yGs34e
>Hn1NDQe90P94kowG3GLAPC2SIg$>
>
>
>You can also make such adjustments via email by sending a message to:
>
> jdk8u-dev-request at openjdk.java.net<mailto:jdk8u-dev-
>request at openjdk.java.net>
>
>with the word `help' in the subject or body (don't include the quotes), and you
>will get back a message with instructions.
>
>You must know your password to change your options (including changing the
>password, itself) or to unsubscribe without confirmation. It is:
>
> Grace0208
>
>Normally, Mailman will remind you of your openjdk.java.net mailing list
>passwords once every month, although you can disable this if you prefer. This
>reminder will also include instructions on how to unsubscribe or change your
>account options. There is also a button on your options page that will email your
>current password to you.
>
>**************************************************************
>********
>This email may contain privileged and/or confidential information that is intended
>solely for the use of the addressee. If you are not the intended recipient or
>entity, you are strictly prohibited from disclosing, copying, distributing or using
>any of the information contained in the transmission. If you received this
>communication in error, please contact the sender immediately and destroy the
>material in its entirety, whether electronic or hard copy. This communication
>may contain nonpublic personal information about consumers subject to the
>restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may
>not directly or indirectly reuse or disclose such information for any purpose other
>than to provide the services for which you are receiving the information. There
>are risks associated with the use of electronic transmission. The sender of this
>information does not control the method of transmittal or service providers and
>assumes no duty or obligation for the security, receipt, or third party interception
>of this transmission.
More information about the jdk8u-dev
mailing list