Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

javax.net.ssl.SSLProtocolException with openjdk11 on Travis #85

Open
Horcrux7 opened this issue Sep 29, 2018 · 11 comments
Open

javax.net.ssl.SSLProtocolException with openjdk11 on Travis #85

Horcrux7 opened this issue Sep 29, 2018 · 11 comments
Labels
hacktoberfest

Comments

@Horcrux7
Copy link

I receive a javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed) with Java 11 and also with Java 12-ea. It look like that Java 11 and newer can not communicate with your server. Here is the output from Gradle

> Task :coveralls FAILED
service name: travis-ci
service job id: 435042066
repo token: null
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':coveralls'.
> javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

see at https://travis-ci.org/i-net-software/jlessc/jobs/435042066

Any Idea how can solve this?
@Horcrux7
Copy link
Author

Disabling the TLS 1.3 protocol with:

-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"

solved the problem.

@lkrnac
Copy link

lkrnac commented Nov 29, 2018

No luck with ./gradlew -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2".

Also adding systemProp.jdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" to gradle.properties didn't help.

Versions:

------------------------------------------------------------
Gradle 5.0
------------------------------------------------------------

Build time:   2018-11-26 11:48:43 UTC
Revision:     7fc6e5abf2fc5fe0824aec8a0f5462664dbcd987

Kotlin DSL:   1.0.4
Kotlin:       1.3.10
Groovy:       2.5.4
Ant:          Apache Ant(TM) version 1.9.13 compiled on July 10 2018
JVM:          11 (Oracle Corporation 11+24-Ubuntu-118.04)
OS:           Linux 4.15.0-39-lowlatency amd64

@Horcrux7
Copy link
Author

Horcrux7 commented Nov 29, 2018
edited

Yes, the hack does not work anymore. Today it is failing with Java 11 and Java 12.

@apulbere
Copy link

apulbere commented Jan 13, 2019
edited

I had a similar issue
javax.net.ssl.SSLException: Received fatal alert: record_overflow
but after adding systemProp.jdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" to gradle.properties as @lkrnac said, the issue disappeared

I'm using OpenJDK-11, gradle 5, junit 5

@manastalukdar manastalukdar mentioned this issue Jan 21, 2019
Closed
@fzdy1914 fzdy1914 mentioned this issue Jan 29, 2019
Closed
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Feb 20, 2019
@fzdy1914
disable TLS v1.3 protocol
64df61b 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Feb 28, 2019
@fzdy1914
disable TLS v1.3 protocol
9a89629 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 1, 2019
@fzdy1914
disable TLS v1.3 protocol
ffe9194 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 4, 2019
@fzdy1914
disable TLS v1.3 protocol
7a190cb 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 5, 2019
@fzdy1914
disable TLS v1.3 protocol
21c761e 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 12, 2019
@fzdy1914
disable TLS v1.3 protocol
faadd3b 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 14, 2019
@fzdy1914
disable TLS v1.3 protocol
469aa31 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 14, 2019
@fzdy1914
disable TLS v1.3 protocol
227330a 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 16, 2019
@fzdy1914
disable TLS v1.3 protocol
ff7d20e 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 16, 2019
@fzdy1914
disable TLS v1.3 protocol
0675280 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 16, 2019
@fzdy1914
disable TLS v1.3 protocol
18d0cab 
We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85
fzdy1914 added a commit to fzdy1914/NUS-CS2103-Inventory-Manager that referenced this issue Mar 18, 2019
@fzdy1914
Upgrade to JDK 11
d47a1b7 
We currently advertise that we support "JDK 8". However, the public
updates of Java SE 8 for personal users will end soon [1].

JDK 11 is the next Long-Term-Support (LTS) release after JDK 8 [1].
It is better for us to keep updated with the latest release of JDK.

Let's update our target JDK to version 11, with the following steps:

  * We use openjfx-monocle version jdk-11+26 since that is the latest
      version of openjfx-monocle that supports JDK 11 [2].

  * We bump the target and source compatibility of Gradle to JDK11.

  * We update Travis and AppVoyer configs to use JDK11 as runtime
      environment.

  * We remove the add-on in Travis config because it is redundant for
      JDK 11 [3].

  * We make it clear in the User Guide / Developer Guide that we only
      support JDK 11 (not JDK 8, 9, 10).

[1]  https://www.oracle.com/technetwork/java/java-se-support-roadmap.html
[2]  https://github.com/TestFX/Monocle
[3]  https://www.deps.co/guides/travis-ci-latest-java/ (+6 squashed commit)

Squashed commit:

[b47edc6] build.gradle: remove 'prism.order' property for headless task.

For headless test task, 'prism.order' property is used to choose the
graph renderer to use. Currently, we specify this property to be 'sw'.

However, this property seems to trigger some unknown bug with
JDK11. This property will cause Java Runtime Error for Windows OS
including AppVoyer:

    # A fatal error has been detected by the Java Runtime Environment:
    #
    #  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00007ffd95b64879, pid=1476, tid=2640
    #
    # JRE version: OpenJDK Runtime Environment (11.0.1+13) (build 11.0.1+13)
    # Java VM: OpenJDK 64-Bit Server VM (11.0.1+13, mixed mode, tiered, compressed oops, g1 gc, windows-amd64)
    # Problematic frame:
    # C  [javafx_font.dll+0x4879]

It is more like a JDK 11 bug with 'sw' renderer. Meanwhile, it is not so
necessary to set this property. It is acceptable to use
platform-specified graph renderer to do the test. Let’s remove this
property to solve the problem.

[c8d0e8c] build.gradle: add javafx runtime dependency for other platforms

We have added the platform specific javafx runtime dependency, so the
addressbook is able to run locally.

However, the jar file generated on one OS cannot run on other OS. The
reason is that, java SE cannot initialize the graph render correctly
without corresponding javafx dependency for the other OS.

Let’s add the javafx runtime dependency for all platforms (MacOS,
Window, Linux) so the jar file generated on one OS is able to run in
other OS [1].

The order of dependency is important because it effects the way Gradle
group dependency tree.

[1]https://stackoverflow.com/questions/52653836/maven-shade-javafx-runtime-components-are-missing/52654791#52654791

[9f7b7be] change the entry point of addressbook

After we add the javafx runtime dependency, addressbook is still unable
to run in a jdk11 environment. It gives an error of below:

    Error: JavaFX runtime components are missing, and are required to run this application

This error comes from sun.launcher.LauncherHelper in the java.base
module. The reason for this is that the Main app extends Application
and has a main method. If that is the case, the LauncherHelper will check
for the javafx.graphics module to be present as a named module. If that
module is not present, the launch is aborted. Hence, having the JavaFX
libraries as jars on the classpath is not allowed in this case. [1]

This is more like a JDK 11 problem which cannot be solved elegantly.
One simple workaround is to have a separate main class that doesn't
extend Application. Hence it doesn't do the check on javafx.graphics
module, and when the required jars are on the classpath, it works fine.

Let’s add another main class to be the new entry point of addressbook
to solve this problem.

[1] http://mail.openjdk.java.net/pipermail/openjfx-dev/2018-June/021977.html

[3cb5cbb] build.gradle: add javafx runtime dependency

JavaFX is not distributed with Oracle JDK any more from JDK11 onwards [1].
Our code uses javafx as our client platform. So it is unable to be compiled
in JDK11 anymore.

As we are moving to JDK11, let’s add javafx runtime dependency to gradle.

Meanwhile, the dependency provided are platform specific. Let’s use the
SystemUtils api provided by Apache [2] to specify the version of javafx
dependency.

[1]https://blogs.oracle.com/java-platform-group/the-future-of-javafx-and-other-java-client-roadmap-updates
[2]http://commons.apache.org/proper/commons-lang/javadocs/api-release/index.html

[18d0cab] disable TLS v1.3 protocol

We use Gradle coverall plugin to send the data generated by coverage
plugin to coverall.io, so our user can view the coverage report online.

However, the TLSv1.3 protocol used by JDK 11 is not supported by the
coverall.io, actually it gives the error bellow:

javax.net.ssl.SSLProtocolException: Connection reset by peer (Write failed)

Let’s disable TLSv1.3 protocol by restricting the scope of protocols in
gradle.properties.[1]

[1]kt3k/coveralls-gradle-plugin#85

[f0ded52] build.gradle: fix checkstyle plugin failure

The `checkstyle` plugin of Gradle fails in JDK11 and gives the error
below:

    Unable to create Root Module: config ...

The main reason is that, in JDK11, the `user.dir` cannot be reset by
Gradle [1]. So, checkstyle plugin is unable to locate the suppressions
file correctly.

Let's add ` config_loc` variable suggested by Gradle to solve the
problem [1].

[1] gradle/gradle#8286
@fzdy1914
Copy link

@kt3k
Hi, are you willing to continue maintaining this project?

@kt3k
Copy link
Owner

kt3k commented Mar 24, 2019

@fzdy1914
Actually I want to give this project to someone who can maintain. If you're willing to take over, you're welcome.

@fzdy1914
Copy link

Actually I want to give this project to someone who can maintain. If you're willing to take over, you're welcome.

I am willing to maintain it, but I am not sure how the grade plugin works and how to test it.

@fzdy1914
Copy link

fzdy1914 commented Mar 24, 2019
edited

The underline problem of this issue is that the HTTPBuilder dependency used in the project is outdated and will throw an Exception when using TSL v1.3. a bug in JDK11's TLS v1.3 implementation causes it to send invalid data to coveralls.io [See here].

One workaround is to set the property of this plugin as below:

saveAsFile = true
sendToCoveralls = false

and add

after_success:
  - curl -F 'json_file=@build/coveralls/report.json' 'https://coveralls.io/api/v1/jobs'

to .travis.yml

@fzdy1914 fzdy1914 mentioned this issue Apr 24, 2019
Merged
Ondkloss added a commit to Ondkloss/java-netsgiro that referenced this issue May 15, 2019
@Ondkloss
Attempted fix for openjdk11 and coveralls-gradle-plugin shortcoming w…
83731d2 
…ith TLS 1.3.

For details see: kt3k/coveralls-gradle-plugin#85
@Ondkloss
Copy link

Any version with a fix in sight for this issue? Had success with the gradle.properties workaround, but seems less than ideal.

@kt3k kt3k mentioned this issue May 26, 2019
Closed
@Usha3012
Copy link

Usha3012 commented Aug 1, 2019

Always try to use openJDK with any of the jdk-stretch versions . It adjusts the compatibility accordingly .

thomasvolk pushed a commit to thomasvolk/worm that referenced this issue Aug 6, 2019
disabling TSL 1.3 kt3k/coveralls-gradle-plugin#85
efca494
tscz added a commit to tscz/jalp-springboot that referenced this issue Aug 19, 2019
@tscz
Workaround for Coveralls issue
606ed9a 
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/jalp-springboot that referenced this issue Aug 19, 2019
@tscz
Workaround for Coveralls issue
5a29629 
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/jalp-springboot that referenced this issue Aug 19, 2019
@tscz
Workaround for Coveralls issue
2eaad18 
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/jalp-springboot that referenced this issue Aug 19, 2019
@tscz
Workaround for Coveralls issue
e0bd3eb 
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/jalp-springboot that referenced this issue Aug 19, 2019
@tscz
Workaround for Coveralls issue
7519d3c 
kt3k/coveralls-gradle-plugin#85
tibagni added a commit to tibagni/LogViewer that referenced this issue Sep 2, 2019
@tibagni
Workaround for coveralls plugin - For details see: kt3k/coveralls-gra…
1a2c018 
…dle-plugin#85
cjstehno added a commit to cjstehno/ersatz that referenced this issue Dec 7, 2019
@cjstehno
trying to get coveralls to work with issue - kt3k/coveralls-gradle-pl…
1a09b7b 
…ugin#85
fieldju added a commit to Nike-Inc/cerberus that referenced this issue Dec 18, 2019
@fieldju
chore: tweak coveralls set up as per: kt3k/coveralls-gradle-plugin#85
12ffc82
fieldju added a commit to Nike-Inc/cerberus that referenced this issue Dec 19, 2019
@fieldju
Phoenix/configure travis (#224)
a6640bf 
* chore(build): Configure Travis

* chore: spotless apply

* chore: fix spotbugs

* chore: tweak coveralls set up as per: kt3k/coveralls-gradle-plugin#85
aaschmid added a commit to TNG/junit-dataprovider that referenced this issue Jan 3, 2020
@aaschmid
disable TLS v1.3 protocol for coveralls upload
b564a4a 
The TLSv1.3 protocol used by JDK 11 is not supported by the coverall.io,
instead it throws and `javax.net.ssl.SSLProtocolException: Connection
reset by peer (Write failed)`, see also
kt3k/coveralls-gradle-plugin#85
aaschmid added a commit to TNG/junit-dataprovider that referenced this issue Jan 3, 2020
@aaschmid
disable TLS v1.3 protocol for coveralls upload
a9c12e4 
The TLSv1.3 protocol used by JDK 11 is not supported by the coverall.io,
instead it throws and `javax.net.ssl.SSLProtocolException: Connection
reset by peer (Write failed)`, see also
kt3k/coveralls-gradle-plugin#85
aaschmid added a commit to TNG/junit-dataprovider that referenced this issue Jan 3, 2020
@aaschmid
disable TLS v1.3 protocol because of coveralls upload
6545945 
The TLSv1.3 protocol used by JDK 11 is not supported by the coverall.io,
instead it throws and `javax.net.ssl.SSLProtocolException: Connection
reset by peer (Write failed)`, see also
kt3k/coveralls-gradle-plugin#85
aaschmid added a commit to TNG/junit-dataprovider that referenced this issue Jan 3, 2020
@aaschmid
disable TLS v1.3 protocol because of coveralls upload
b5f0a99 
The TLSv1.3 protocol used by JDK 11 is not supported by the coverall.io,
instead it throws and `javax.net.ssl.SSLProtocolException: Connection
reset by peer (Write failed)`, see also
kt3k/coveralls-gradle-plugin#85
aaschmid added a commit to TNG/junit-dataprovider that referenced this issue Jan 3, 2020
@aaschmid
disable TLS v1.3 protocol because of coveralls upload
4e11384 
The TLSv1.3 protocol used by JDK 11 is not supported by the coverall.io,
instead it throws and `javax.net.ssl.SSLProtocolException: Connection
reset by peer (Write failed)`, see also
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/spring-boot-platform that referenced this issue Jan 13, 2020
@tscz
Workaround for Coveralls issue
9b24044 
kt3k/coveralls-gradle-plugin#85
tscz added a commit to tscz/spring-boot-platform that referenced this issue Jan 13, 2020
@tscz
Workaround for Coveralls issue
a1da7ee 
kt3k/coveralls-gradle-plugin#85
ancho added a commit to ancho/jbake that referenced this issue Apr 12, 2020
@ancho
fix coveralls job with workaround. see kt3k/coveralls-gradle-plugin#85
7ec8761
ancho added a commit to ancho/jbake that referenced this issue Apr 12, 2020
@ancho
add coveralls job to the quality check stage
6522cad 
- drop oraclejdk 8
- configure test logging
- cleanup travis config
- fix coveralls job with workaround
  see kt3k/coveralls-gradle-plugin#85
hufman added a commit to BimmerGestalt/AAIdrive that referenced this issue Jun 7, 2020
@hufman
Builds with older OpenJDK to workaround Coveralls upload bug with TLS1.3
dbd0825 
See kt3k/coveralls-gradle-plugin#85
hufman added a commit to BimmerGestalt/AAIdrive that referenced this issue Jun 7, 2020
@hufman
Builds with older OpenJDK to workaround Coveralls upload bug with TLS1.3
438231c 
See kt3k/coveralls-gradle-plugin#85
M4eqP pushed a commit to cf-control/cf-control that referenced this issue Jul 1, 2020
Fix coverage reporting...
7910f8b 
Seems the gradle plugin cannot report the coverage on Java 11. Some TLS issue, apparently because TLS 1.3 is not supported by coveralls?!
See kt3k/coveralls-gradle-plugin#85 for more information.

Seriously, this is quite ridiculous...
@hurricup
Copy link
Contributor

hurricup commented Jul 8, 2020

Github Actions + Java 13 solved this

@ber01 ber01 mentioned this issue Oct 7, 2020
Closed
pascalpoizat added a commit to romainvacheret/wadge-backend that referenced this issue Nov 24, 2020
@pascalpoizat
workarounds from kt3k/coveralls-gradle-plugin#85
70ffe70
testinfected added a commit to testinfected/molecule that referenced this issue Dec 15, 2020
@testinfected
Workaround issue with coveralls gradle plugin
32b2ac1 
See kt3k/coveralls-gradle-plugin#85.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hacktoberfest
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@Horcrux7 @Ondkloss @kt3k @hurricup @lkrnac @apulbere @Usha3012 @fzdy1914