[External] : Re: Http3 Client times out for an untrusted certificate
Josiah Noel
josiahnoel at gmail.com
Fri Nov 7 00:55:04 UTC 2025
It seems that this issue only manifests itself when an httpserver is
running tcp on the same port. Attached is a jbang script that illustrates
this issue.
On Thu, Nov 6, 2025 at 4:04 PM Josiah Noel <josiahnoel at gmail.com> wrote:
> I haven't faced any such exception, give me some time and I'll extract a
> minimal example with steps to reproduce the problem.
>
> On Thu, Nov 6, 2025 at 1:41 PM Daniel Fuchs <daniel.fuchs at oracle.com>
> wrote:
>
>> Hi Josiah,
>>
>> When trying the same (I modified H3SimpleTest to not pass
>> the SSLContext to the client, and tried various configurations
>> with setting HTTP/3 on either the HttpRequest or client or both),
>> I always get an exception of the form shown below.
>>
>> What result did you get? Didn't you get any exception, or maybe
>> a different exception?
>>
>> javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed
>>     at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:1008)
>>     at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
>>     at H3SimpleTest.testBasicRequests(H3SimpleTest.java:116)
>>     ...
>> Caused by: javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl$HandshakeFlow.sslHandshakeException(QuicConnectionImpl.java:608)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl$HandshakeFlow.failHandshakeCFs(QuicConnectionImpl.java:593)
>>     at java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.failHandshakeCFs(ConnectionTerminatorImpl.java:368)
>>     at java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.failHandshakeCFs(ConnectionTerminatorImpl.java:363)
>>     at java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.immediateClose(ConnectionTerminatorImpl.java:257)
>>     at java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.doTerminate(ConnectionTerminatorImpl.java:128)
>>     at java.net.http/jdk.internal.net.http.quic.ConnectionTerminatorImpl.terminate(ConnectionTerminatorImpl.java:86)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.processHandshakePacket(QuicConnectionImpl.java:2403)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.processDecrypted(QuicConnectionImpl.java:1965)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.decrypt(QuicConnectionImpl.java:741)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.internalProcessIncoming(QuicConnectionImpl.java:1899)
>>     at java.net.http/jdk.internal.net.http.quic.QuicConnectionImpl.incoming(QuicConnectionImpl.java:701)
>>     at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
>>     at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
>>     at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
>>     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
>>     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
>>     ... 1 more
>> Caused by: java.io.IOException: certificate_unknown
>>     at java.net.http/jdk.internal.net.http.quic.TerminationCause.toReportedCause(TerminationCause.java:131)
>>     at java.net.http/jdk.internal.net.http.quic.TerminationCause.<init>(TerminationCause.java:49)
>>     at java.net.http/jdk.internal.net.http.quic.TerminationCause$TransportError.<init>(TerminationCause.java:151)
>>     at java.net.http/jdk.internal.net.http.quic.TerminationCause.forException(TerminationCause.java:102)
>>     ... 11 more
>>
>>
>> On 06/11/2025 16:52, Josiah Noel wrote:
>> > Indeed I'm using a self signed cert created by mkcert for the server. I
>> > created a keystore out of it, and used the same sslcontext for both the
>> > server and the client. Attached are my logs.
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UntrustedHttp3.java
Type: application/octet-stream
Size: 3306 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/net-dev/attachments/20251106/0dd4dbff/UntrustedHttp3.java>