[External] : Re: Http3 Client times out for an untrusted certificate

Daniel Fuchs daniel.fuchs at oracle.com
Thu Nov 6 18:41:04 UTC 2025 

Hi Josiah,

When trying the same (I modified H3SimpleTest to not pass
the SSLContext to the client, and tried various configuration
with setting HTTP/3 on either the HttpRequest or client or both),
I always get an exception of the form shown below.

What result did you get? Didn't you get any exception, or maybe
a different exception?

javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed
	at 
java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:1008)
	at 
java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
	at H3SimpleTest.testBasicRequests(H3SimpleTest.java:116)
         ...
Caused by: javax.net.ssl.SSLHandshakeException: QUIC connection 
establishment failed
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl$HandshakeFlow.sslHandshakeException(QuicConnectionImpl.java:608)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl$HandshakeFlow.failHandshakeCFs(QuicConnectionImpl.java:593)
	at 
java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.failHandshakeCFs(ConnectionTerminatorImpl.java:368)
	at 
java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.failHandshakeCFs(ConnectionTerminatorImpl.java:363)
	at 
java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.immediateClose(ConnectionTerminatorImpl.java:257)
	at 
java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.doTerminate(ConnectionTerminatorImpl.java:128)
	at 
java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.terminate(ConnectionTerminatorImpl.java:86)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.processHandshakePacket(QuicConnectionImpl.java:2403)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.processDecrypted(QuicConnectionImpl.java:1965)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.decrypt(QuicConnectionImpl.java:741)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.internalProcessIncoming(QuicConnectionImpl.java:1899)
	at 
java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.incoming(QuicConnectionImpl.java:701)
	at 
java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
	at 
java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
	at 
java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
	at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
	at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
	... 1 more
Caused by: java.io.IOException: certificate_unknown
	at 
java.net.http/jdk.internal.net.http.quic.TerminationCause.toReportedCause(TerminationCause.java:131)
	at 
java.net.http/jdk.internal.net.http.quic.TerminationCause.<init>(TerminationCause.java:49)
	at 
java.net.http/jdk.internal.net.http.quic.TerminationCause$TransportError.<init>(TerminationCause.java:151)
	at 
java.net.http/jdk.internal.net.http.quic.TerminationCause.forException(TerminationCause.java:102)
	... 11 more


On 06/11/2025 16:52, Josiah Noel wrote:
> Indeed I'm using a self signed cert created by mkcert for the server. I 
> created a keystore out of it, and used the same sslcontext for both the 
> server and the client. Attached are my logs.

More information about the net-dev mailing list