Aftermath of TLS 1.3 in Java 11 with wrapped IOExceptions
Michael Osipov
1983-01-06 at gmx.net
Sun Dec 1 13:37:20 UTC 2019
Hi folks,
I am one of the Apache HttpComponents committers and we get these nags
once in a while:
-
https://github.com/apache/httpcomponents-client/pull/178#discussion_r351492056
- https://issues.apache.org/jira/browse/HTTPCLIENT-2032
- https://stackoverflow.com/q/56306216/696632
It all boils down to that IOExceptions are not thrown as-is after the
introduction of TLS 1.3 in Java 11, but now wrapped in SSLExceptions
(partially fixed by JDK-8214339). This is counterproductive.
Questions:
* Why has this change been made?
* Why has the incompatible change not properly communicated to the
users/community?
* Can this be restored back to Java 8 behavior for 15 (14 not likely?!)
and 11u?
Looking into [1] the following requirements have been broken:
> - Verify that the implementation does not break backward compatibility in unexpected ways.
> - Verify that the implementation does not introduce any unexpected interoperability issues.
@Rory, can you engage also with Apache HttpComponents? We are not happy
with the situation.
I see your mails on other MLs like Maven and Tomcat where I commit too.
Regards,
Michael
[1] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8145252
More information about the security-dev
mailing list