[External] : Re: Http3 Client times out for an untrusted certificate

Josiah Noel josiahnoel at gmail.com
Fri Nov 7 12:43:31 UTC 2025 

I see, thanks for looking into it.

On Fri, Nov 7, 2025, 6:56 AM Daniel Fuchs <daniel.fuchs at oracle.com> wrote:

> Hi Josiah,
>
> On 07/11/2025 09:46, Daniel Fuchs wrote:
> > Does the server supports https? Because if the server does not
> > support https it might just be trying to read the request line
> > before responding, and the client might be waiting for the server
> > hello. The same would happen with HTTP/1.1 if you tried to use
> > https with a server that only supports http.
>
> So that seems to be the issue.
> I had a look at your script - and I believe that if
> you had used HttpsServer.create() instead of HttpServer.create()
> you would have got the exception as expected.
>
> I am not sure there's much we can do there. If you try to send
> an HTTP/1.1 https:// request to that server youn will observe
> the same behavior.
>
> Specifically try this:
>
> ```
>      // http1 server on tcp 8080
>      // btw what if we made a conveniece method? I'll contribute it
> myself, just say the word
>      var http1 = HttpServer.create(new InetSocketAddress(8080), 0);
>      http1.createContext("/", ctx -> ctx.sendResponseHeaders(101, -1));
>      http1.start();
>
>      var client = HttpClient.newBuilder()
>         .version(HttpClient.Version.HTTP_1_1)
>         .build();
>      var request = HttpRequest.newBuilder()
>         .uri(URI.create("https://localhost:8080/"))
>         .build();
>      System.out.println("req: " + request);
>      var resp = client.send(request, HttpResponse.BodyHandlers.ofString());
>      System.out.println("resp: " + resp);
> ```
>
> This has the same behaviour and does not involve HTTP/3.
> To see the exception, add this to the request in your
> original script:
>
> ```
> import java.net.http.HttpOption;
> import static java.net.http.HttpOption.H3_DISCOVERY;
> import static java.net.http.HttpOption.Http3DiscoveryMode.HTTP_3_URI_ONLY;
>
> ...
>
>       HttpRequest.newBuilder().uri(URI.create("https://localhost:8080"))
>          .setOption(H3_DISCOVERY, HTTP_3_URI_ONLY)   <<<<< HTTP/3 only
>          .GET().build(),
> ```
>
> this will prevent the client from falling back to TCP.
>
> best regards,
>
> -- daniel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/net-dev/attachments/20251107/07ba50b1/attachment-0001.htm>

More information about the net-dev mailing list