Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
404 views
in Technique[技术] by (71.8m points)

java - "Received fatal alert: handshake_failure" in jlinked JRE

My Java program sends requests by java.net.http.HttpClient (Java 11).

It works when I am running it in Eclipse on OpenJDK 11's JRE.

On custom jlinked JRE, I get an error:

java.io.IOException: Received fatal alert: handshake_failure

I suppose the problem is with my custom JRE.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

TL;DR jlink without jdk.crypto.ec cannot talk to a server that has an elliptic curve certificate. You get a handshake_failure error when trying to talk to a server running with this.

When you build a deployable jre, if you do not include the jdk.crypto.ec module, then it will be unable to talk to servers that only have an elliptic curve certificate. I mocked up one using:

out_dom=localhost
subj="/C=IE/CN=localhost"
openssl ecparam -name secp384r1 -genkey 
    -out $out_dom.key
openssl req -new 
    -subj "$subj" 
    -key $out_dom.key 
    -out $out_dom.csr
openssl req -x509 -nodes 
    -days 365 
    -key $out_dom.key 
    -in $out_dom.csr 
    -out $out_dom.crt

When I talk to this server with the standard JRE, I get the error about PKIX path building failed - i.e. the cert isn't in the cacerts file.

When I created a jlink jre using:

jlink --module-path . --add-modules java.base --output jlinked

and ran: jlinked/bin/java with a test TLS app, I got the error: Received fatal alert: handshake_failure, which is the same as the OP's problem.

When I added:

jlink --module-path . 
    --add-modules java.base 
    --add-modules jdk.crypto.ec 
    --output jlinked

and re-ran, I experienced the PKIX path building failed error, which indicates that it's working properly.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...