3

I have this class which just sends a http post request:

import java.net.*; import java.io.*;
public class JarRuntimeTest{
    public void start() throws Exception{
        HttpURLConnection connection = (HttpURLConnection) (new URL("https://google.com").openConnection());
        connection.setRequestMethod("POST");
        System.out.println(
        getResult((connection.getResponseCode() == HttpURLConnection.HTTP_OK)?
        connection.getInputStream():connection.getErrorStream()));
    }
    public String getResult(InputStream in) throws Exception{
        StringBuilder builder = new StringBuilder("");
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        String line = null;
        while ((line = reader.readLine()) != null) builder.append(line);
        reader.close();
        return builder.toString();
    }
    public static void main(String[] args){try{new JarRuntimeTest().start();}catch(Exception e){e.printStackTrace();}}
}

I have this .bat file which builds my jar and java runtime image for it, and uses this custom runtime image to run my jar:

@echo off
javac JarRuntimeTest.java
jar --create --file thisismyjar.jar  --main-class JarRuntimeTest JarRuntimeTest.class
jdeps --list-deps thisismyjar.jar
jlink --add-modules java.base --output myruntime
myruntime\bin\java.exe -jar thisismyjar.jar
pause

If I run the application with the custom jre, i get an error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

However, if i run the application the normal way without a custom jre, I don't get this error. Is this problem caused because the custom jre wasn't built properly, are some modules missing in my custom jre? Or is this an entirely different issue? If some modules are missing, what should i do to include them? Which one is it? How do i know? I only added the modules that were outputted from jdeps

this is the entire stack-trace that i get:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1498)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1404)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:574)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1653)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1577)
        at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:308)
        at JarRuntimeTest.start(JarRuntimeTest.java:7)
        at JarRuntimeTest.main(JarRuntimeTest.java:18)

and this is the module that i added to make the runtime : java.base , because this was what was outputted from jdeps.

Improve this question
2
  • When you connect successfully, does it use an ECDSA cert (anywhere in the chain) or a ciphersuite with ECDHE keyexchange in 1.2 or below or an ECDHE group for keyexchange in 1.3? If so the server may require use of elliptic-curve crypto and you didn't include jdk.crypto.ec. If the server is publicly available (on 443) https://ssllabs.com/ssltest could check this. Commented Aug 23, 2021 at 22:39
  • @dave_thompson_085 you were right, adding that module made the application work. Commented Aug 24, 2021 at 5:54

1 Answer 1

Reset to default
5

As said by @dave_thompson_085 , the jdk.crypto.ec has to be included. I'm not sure why this wasn't shown by jdeps. Anyway, including it in my jlink command did the trick, and it worked:

jlink --add-modules java.base,jdk.crypto.ec --output myruntime
myruntime\bin\java.exe -jar thisismyjar.jar
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.