SSL Handshake problem when running as jar but not in ide

959 views Asked by At

I have a Java 16 program that tries to connect to an email server. It works fine when run through the Eclipse IDE. Here is the debugging log for the successful connection request and response (sorry it's so long - I wasn't sure which bits are the most relevant, so I put a lot in):

javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:993|keyStore is : 
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:994|keyStore type is : pkcs12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:996|keyStore provider is : 
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:1031|init keystore
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.444 BST|SSLContextImpl.java:1054|init keymanager of type SunX509
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.445 BST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.446 BST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.459 BST|SSLConfiguration.java:458|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.498 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.498 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.499 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256 for TLS12
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.523 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.523 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.524 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:18:41.524 BST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.525 BST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.526 BST|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.553 BST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.556 BST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "BC A3 A0 8E BC F8 48 BC BF C2 7A D2 2F 8E E4 C4 DC 4C FD B5 3F 3B 40 28 7B B3 31 4D C7 BB 8A 02",
  "session id"          : "09 49 2A 76 C5 48 AC FA 60 C1 D9 3F C8 BB C3 84 AD C1 6E EA 0A B9 AC C9 B2 E7 81 BF CD 7E C3 A8",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=smtp.gmail.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "session_ticket (35)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": x25519
          "key_exchange": {
            0000: 7A 3C 93 18 7C ED 2A FC   90 37 1A 2A D0 0A 6F 8A  z<....*..7.*..o.

//...

          }
        },
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 B6 13 13 2C 7D 07 94   24 66 36 80 CD 94 6E 38  ....,...$f6...n8

//...

          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.557 BST|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 470
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.558 BST|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 D6 01 00 01   D2 03 03 BC A3 A0 8E BC  ................
  0010: F8 48 BC BF C2 7A D2 2F   8E E4 C4 DC 4C FD B5 3F  .H...z./....L..?

//...

javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:488|Raw read (
  0000: 16 03 03 00 7A                                     ....z
)
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:214|READ: TLSv1.2 handshake, length = 122
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.585 BST|SSLSocketInputRecord.java:488|Raw read (
  0000: 02 00 00 76 03 03 BD D0   35 48 00 D7 90 4F 79 14  ...v....5H...Oy.
  0010: C0 7A 59 54 48 03 BD 19   3D A3 39 15 7E 21 FE 89  .zYTH...=.9..!..

//...

javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.586 BST|SSLSocketInputRecord.java:247|READ: TLSv1.2 handshake, length = 122
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:18:41.587 BST|ServerHello.java:891|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "BD D0 35 48 00 D7 90 4F 79 14 C0 7A 59 54 48 03 BD 19 3D A3 39 15 7E 21 FE 89 8B 09 BC 8F 3D 69",
  "session id"          : "09 49 2A 76 C5 48 AC FA 60 C1 D9 3F C8 BB C3 84 AD C1 6E EA 0A B9 AC C9 B2 E7 81 BF CD 7E C3 A8",
  "cipher suite"        : "TLS_AES_256_GCM_SHA384(0x1302)",
  "compression methods" : "00",
  "extensions"          : [
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 35 B1 83 E8 C8 2C 54 62   73 44 4D 50 5A 78 A4 52  5....,TbsDMPZx.R
          0010: 9F B5 47 B6 C3 86 F8 16   59 1B FA E3 84 BD B7 6E  ..G.....Y......n
        }
      },
    },
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    }
  ]
}
)

When I bundle it up as an uberjar and try to run it, though, I get a handshake error. Here is the connection requst from the debug log:

javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.721 BST|SignatureScheme.java:296|Signature algorithm, Ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.721 BST|SignatureScheme.java:296|Signature algorithm, Ed448, is not supported by the underlying providers
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.738 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.739 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.739 BST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256 for TLS12
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.768 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.769 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.770 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.770 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.771 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.772 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.773 BST|SignatureScheme.java:384|Ignore unsupported signature scheme: ecdsa_sha1
javax.net.ssl|ALL|14|AWT-EventQueue-0|2021-07-02 12:13:29.773 BST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|14|AWT-EventQueue-0|2021-07-02 12:13:29.774 BST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.774 BST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.775 BST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.776 BST|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.809 BST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.809 BST|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.810 BST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.814 BST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "F2 B4 0D 78 73 2A 77 3D 96 F2 D4 E1 AD 46 FD 0C 74 E1 9B 28 64 9F 00 B1 68 D2 F5 2E 61 7E 2C B6",
  "session id"          : "FE AE 2B 03 8E 57 2B D1 7C 2D 91 07 E3 FE D8 32 09 79 6F 1C 3F F0 9C 58 95 F5 6A D0 72 02 68 B5",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=smtp.gmail.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "session_ticket (35)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": ffdhe2048
          "key_exchange": {
            0000: E3 A6 7D AD 4D 3D A0 B6   4E 6F B1 13 9A 68 CC B5  ....M=..No...h..

//...

          }
        },
      ]
    }
  ]
}
)

And this is the error response:

javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.841 BST|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|14|AWT-EventQueue-0|2021-07-02 12:13:29.843 BST|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
javax.net.ssl|ERROR|14|AWT-EventQueue-0|2021-07-02 12:13:29.844 BST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)

I'm not sure how to read the logs (not much experience with SSL) but I can see that when it works in the IDE, the 'named group' that gets returned from the server is x25519. But this one seems to be missing from the supported groups list when I run it as an uberjar. If I go back through the log a ways, I see this error:

javax.net.ssl|WARNING|14|AWT-EventQueue-0|2021-07-02 12:13:29.715 BST|NamedGroup.java:297|No AlgorithmParameters for x25519 (
"throwable" : {
  java.security.NoSuchAlgorithmException: Algorithm x25519 not available
        at java.base/javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:192)
        at java.base/sun.security.ssl.NamedGroup.<init>(NamedGroup.java:286)
        at java.base/sun.security.ssl.NamedGroup.<clinit>(NamedGroup.java:184)
        at java.base/sun.security.ssl.SignatureScheme.<clinit>(SignatureScheme.java:51)
        at java.base/sun.security.ssl.SSLSessionImpl.<clinit>(SSLSessionImpl.java:817)

So is this my problem? If so, how can I include it?

0

There are 0 answers