HTTPS reproducibly fails in JDK11 + 12

[stefan-reich]

Hi, this is weird... I serve HTTPS with NanoHTTPD. When I upgrade to JDK 11 or higher, some pages fail to deliver and there are SSL protocol errors with some clients (Chrome, Firefox, but not wget). Also, the problem only happens with certain content (serving images that are above a certain size). It's all fine with small images.

I hear there are changes in the SSL area with JDK 11.

Anyone have any idea what I can do?

[stefan-reich]

I filed the following as a bug report to Oracle.

---

Please try this program (designed for 64 Bit Linux): http://botcompany.de:8081/ssl-bugreport.tgz

There are 3 scripts (jdk10-ok, jdk11-broken, jdk12-broken) to show the broken/working behavior with the respective JDK versions.

The program always sets up a web server at https://localhost:1443 which is supposed to serve a single image. Then it loads the image itself which always works. Also, some clients are able to connect (e.g. wget).

However, when you open https://localhost:1443 in Chrome or Firefox (accepting the obvious certificate warning), you get various SSL-related errors (ERR_SSL_PROTOCOL_ERROR in Chrome, SSL_ERROR_RX_RECORD_TOO_LONG in Firefox).

This error occurs only with JDK 11 and JDK 12, not with JDK 10.

I hear SSL implementations have changed in JDK 11, but this bug does not logically seem to follow from that. There are no Java exceptions and apparently no cipher mismatches, but instead a different kind of SSL protocol error.

Note: I tried to remove my helper library x30.jar (which doesn't do much here) from the program, but wasn't able to do so in short time and decided to just push out the bug report instead. The basic sources for x30.jar are here: http://code.botcompany.de:8081/tb-int/get-transpiled.php?id=1001638&raw=1

Please advise, this is very important, as I currently cannot use JDK 11+ as a web server because of this bug.

[stefan-reich]

Oracle has confirmed that this is a bug. It is fixed in Java 13.