3

I have created a Java application that connects to (various public) remote servers via SSL. Everything works fine on my development machine. However, a user has reported the SSL connection can't be established on his machine, he gets this error:

C:\Program Files (x86)\Test>JRE\bin\java.exe --version
java 11.0.2 2019-01-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)

C:\Program Files (x86)\Test>JRE\bin\java.exe -jar Test.jar
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I ship my application with a modularized/stirpped-down JRE11. So since I don't get this error on my machine but this user does, I assume I am missing to include a necessary Java module with the shipped JRE.

How can I find out if that is really the issue and which module is missing?

Update:
I managed to reproduce the error on my machine. Turns out that with the modularized JRE I get the following exception when trying to connect via SSL:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
java.base/sun.security.ssl.SSLEngineImpl.decode(Unknown Source)
java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
java.base/javax.net.ssl.SSLEngine.unwrap(Unknown Source)
org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225)
org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913)
org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
org.jboss.netty.handler.traffic.AbstractTrafficShapingHandler.messageReceived(AbstractTrafficShapingHandler.java:408)
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:328)
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
java.base/java.lang.Thread.run(Unknown Source)

But there is no class missing from this error message. Which module do I need to add to my stripped-down JRE11?

Matthias
  • 9,817
  • 14
  • 66
  • 125

1 Answers1

3

Ok, found the missing module, it was jdk.crypto.ec.

Provides the implementation of the SunEC security provider.

Basil Bourque
  • 303,325
  • 100
  • 852
  • 1,154
Matthias
  • 9,817
  • 14
  • 66
  • 125