Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

javax.net.ssl.SSLException: No PSK available. Unable to resume

I am using Jetty client to send outgoing requests. Code that runs perfectly under Java 10 suddenly gets the following exception under Java 11:

javax.net.ssl.SSLException: No PSK available. Unable to resume.
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
    at java.base/sun.security.ssl.ServerHello$T13ServerHelloConsumer.consume(ServerHello.java:1224)
    at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.onServerHello(ServerHello.java:984)
    at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.consume(ServerHello.java:872)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:511)
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128)
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73)
    at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133)
    at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:155)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)

I filed a bug report with Jetty here but I'm wondering: what does the error message actually mean? Is something wrong in my environment or does the error mean that Jetty is not configuring the connection correctly?

like image 480
Gili Avatar asked Sep 30 '18 02:09

Gili


3 Answers

there is a bug in JDK 11: https://bugs.openjdk.java.net/browse/JDK-8213202

you have to either:

  • wait for the release of JDK 12
  • update to JDK 11.0.3+ that includes backport
  • or use this command line parameter as a workaround: -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
like image 192
Adam from WALCZAK.IT Avatar answered Nov 04 '22 07:11

Adam from WALCZAK.IT


As Adam from WALCZAK.IT's answer didn't work for me, I found out that the final solution is to add TLSv1.3 to the jdk.tls.disabledAlgorithms in java.security file under conf in your java directory.

So, open java.security under %JAVA_HOME%\conf, find jdk.tls.disabledAlgorithms and append , TLSv1.3.

like image 38
balsick Avatar answered Nov 04 '22 07:11

balsick


I found a solution that worked for me that add this into your gradle.properties.

Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
JAVA_TOOL_OPTIONS=-Dhttps.protocols=TLSv1.2
systemProp.http.proxyHost=fodev.org
systemProp.http.proxyPort=8118
systemProp.http.nonProxyHosts=*.jitpack.io, *.maven.org
systemProp.https.proxyHost=fodev.org
systemProp.https.proxyPort=8118
systemProp.https.nonProxyHosts=*.jitpack.io, *.maven.org
like image 2
Timbo Avatar answered Nov 04 '22 07:11

Timbo