TechQA.

BouncyCastle ALPN broken when running with JDK 11 code compiled with JDK 8

355 views Asked by At

I setup my jdk provider by Security.addProvider(new BouncyCastleFipsProvider()).

Set it in the Grpc client by:

SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
                    .sslProvider(SslProvider.JDK)
                    .applicationProtocolConfig(new ApplicationProtocolConfig(
                            ApplicationProtocolConfig.Protocol.ALPN, 
                            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                            Collections.singletonList("h2")));

When trying to establish the connection, After successful ssl handshake I get:

UNAVAILABLE: Failed ALPN negotiation: Unable to find compatible protocol Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]

I'm using grpc 1.44 version + bc-fips.jar 1.0.2 version.

Running my app by java 11.0.15 compiled by jdk1.8.0_291.jdk. It looks like BouncyCastleFipsProvider, by its SSLParamertesUtil class, somehow remove the "h2" from the suggested application protocols list. increasing grpc version to 1.46 didn't help.

Any suggestions please? Thanks.

reflection bouncycastle grpc-java fips alpn
Original Q&A
0

There are 0 answers

Related Questions in REFLECTION

Related Questions in BOUNCYCASTLE

Related Questions in GRPC-JAVA

Related Questions in FIPS

Related Questions in ALPN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions