There is a bug JDK-8209965 in the JDK 11 GA (build 28) release related to SSL/TLS (JSSE module) handshake (server_hello part):
Quotation from the JDK-8209965:
<...> it appears that the server is sending a "supported_groups" extension in its ServerHello message (TLSv1.2). Reading about it, this seems to be a common issue with certain servers and certain SSL implementations have added support to be lenient with such servers https://github.com/openssl/openssl/pull/4463/files
This is a PoC for a client-side workaround for Stack Overflow question >>. It contains two classes:
Fetch.java
- reproduces the issue, example (a little bit adjusted) is from the Java Mailing Lists here >>FetchWorkaround.java
- workaround, which uses different from JSSE implementation of SSL/TLS (in our case it is BouncyCastle
To test simply run run.sh
and runWorkaround.sh
scripts (run.bat
and runWorkaround.bat
for Windows OS).