Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Updating from 6.0.1 -> 7.0.0: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

See original GitHub issue

On updating from 6.0.1 to 7.0.0, calls to the API appear to trigger exceptions at the OkHTTP layer.

Versions: Java 12, Kubernetes 1.17.1

This was working fine in 6.0.1.

Is there some different or additional configuration/security handling needed in 7.0.0 compared to 6.01?

ApiClient client = ClientBuilder.cluster().build();
BatchV1Api api = new BatchV1Api(apiClient);

api.deleteNamespacedJobAsync(
                        name,
                        namespace,
                        "true",
                        null,
                        null,
                        null,
                        null,
                        null,
                        new Callback<>(...));

Gives the following exception:

Caused by: io.kubernetes.client.openapi.ApiException: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
	at io.kubernetes.client.openapi.ApiClient$1.onFailure(ApiClient.java:927)
	at okhttp3.RealCall$AsyncCall.execute(RealCall.java:180)
	at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
	at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:90)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:800)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:904)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
	at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
	at okhttp3.RealCall$AsyncCall.execute(RealCall.java:172)

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
bmarcjcommented, Jan 21, 2020

As a workaround, I’ve launched with “-Djdk.tls.client.protocols=TLSv1.2”. This appears to be okay, but I’m not sure of the knock on consequences.

It does look like it relates to this bug in the openJDK:

https://bugs.openjdk.java.net/browse/JDK-8236039

0reactions
zvmzaretskycommented, Feb 21, 2021

use this when building your app -Djdk.tls.client.protocols=TLSv1.2

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to Fix javax.net.ssl.SSLHandshakeException - Java67
Hello guys, this is one of the common errors in a client-server application. The big problem in solving this error is not the...
Read more >
SSLHandshakeException: Handshake failed on Android N/7.0
ssl.SSLHandshakeException: Handshake failed" error and working fine for Android 7.0 and others version too. put this in onCreate() method of application ...
Read more >
Solved: upgrade 6.7u3 to 7.0 cert issues - VMware Communities
Solved: attempting to upgrade my lab from 6.7u3.latest to 7.0.latest new VCSA VM deploys ok, but during pre-check get the following error: Error...
Read more >
javax.net.ssl.SSLHandshakeException: extension (5) should ...
SSLHandshakeException : extension (5) should not be presented in ... to your java / maven command line or update your java to the...
Read more >
Check and update your Android version - Google Support
You can find your device's Android version number, security update level and Google Play system level in your Settings app. You'll get notifications...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

javax.net.ssl.SSLHandshakeException

Next page

Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile on project client-java-api