Aftermath of TLS 1.3 in Java 11 with wrapped IOExceptions

Michael Osipov 1983-01-06 at
Sun Dec 1 13:37:20 UTC 2019

Hi folks,

I am one of the Apache HttpComponents committers and we get these nags
once in a while:


It all boils down to that IOExceptions are not thrown as-is after the
introduction of TLS 1.3 in Java 11, but now wrapped in SSLExceptions
(partially fixed by JDK-8214339). This is counterproductive.


* Why has this change been made?
* Why has the incompatible change not properly communicated to the
* Can this be restored back to Java 8 behavior for 15 (14 not likely?!)
and 11u?

Looking into [1] the following requirements have been broken:
>   - Verify that the implementation does not break backward compatibility in unexpected ways.
>   - Verify that the implementation does not introduce any unexpected interoperability issues.

@Rory, can you engage also with Apache HttpComponents? We are not happy
with the situation.
I see your mails on other MLs like Maven and Tomcat where I commit too.




More information about the security-dev mailing list