Server chose TLSv1.2, but that protocol version is not enabled
clehene opened this issue · comments
Current behavior
Server chose TLSv1.2, but that protocol version is not enabled or not supported by the client.; <--- javax.net.ssl.SSLHandshakeException: Server chose TLSv1.2, but that protocol version is not enabled or not supported by the client. in jodd.http.HttpException: Server chose TLSv1.2, but that protocol version is not enabled or not supported by the client.; <--- javax.net.ssl.SSLHandshakeException: Server chose TLSv1.2, but that protocol version is not enabled or not supported by the client.
at jodd.http.net.SocketHttpConnectionProvider.createHttpConnection(SocketHttpConnectionProvider.java:127)
at jodd.http.HttpRequest.open(HttpRequest.java:775)
at jodd.http.HttpRequest.open(HttpRequest.java:762)
at jodd.http.HttpRequest._send(HttpRequest.java:887)
at jodd.http.HttpRequest.send(HttpRequest.java:853)
Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1.2, but that protocol version is not enabled or not supported by the client.
at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:461)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:207)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1039)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:967)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at jodd.http.net.SocketHttpSecureConnection.init(SocketHttpSecureConnection.java:43)
at jodd.http.net.SocketHttpConnectionProvider.createHttpConnection(SocketHttpConnectionProvider.java:122)
... 8 more
Expected behavior
I'm expecting that this would work or at least have an option to set supported protocols with the underlying socket options.
Steps to Reproduce the Problem
HttpRequest req = new HttpRequest().method("GET")
.timeout((int) Duration.ofSeconds(5).toMillis())
.connectionTimeout((int) Duration.ofSeconds(5).toMillis())
.protocol("https")
.trustAllCerts(true)
.verifyHttpsHost(false)
.host("bnr.ro")
.path("/nbrfxrates.xml");
I'm expecting that this would work or at least have an option to set supported protocols with the underlying socket options.
This seems to be an issue with your JVM's SSL configuration. You should probably enable that globally.
Alternatively, I would assume playing around with SocketHttpConnectionProvider.setSecuredProtocols and HttpRequest.withConnectionProvider might also get you there.
@neroux thank you, I was not able to get it working by changing the JVM so switched to okhttp. It's possible that it's JVM related. I I've replaced both the library and the jvm in the meantime, fixed it and won't have time to revert / test.
What's weird, is that it stopped working and started seeing errors in both the deployed containers and local (different JVMs) at around the same time.
If you believe it's unrelated to the library, please feel free to close the issue!
Thanx @clehene, no problem! Did you specify anything specific for okhttp?
Maybe this helps: You could just add the following property -Dhttps.protocols=TLSv1.1,TLSv1.2 which configures the JVM to specify which TLS protocol version should be used during https connections.
@igr thank you! I think it would be worth adding a note in the docs, regardless of whether this is an issue or not.
Added documentation :)