I also failed to run the example, until I realized that the code does not validate that the keystore is loaded correctly (passing 'null' into KeyStore.load apparently works without error).Are you sure you are actually loading the keystore correctly (maybe add a null check into the loading code)?StuartOn Sun, Dec 11, 2016 at 3:05 AM, Bill O'Neil <bill@dartalley.com> wrote:Here is the trace occurs with Http2 true and false. Issue seems to be javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?2016-12-10 11:03:03.669 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for sun.nio.ch.ServerSocketChannel Impl[/127.0.0.1:8443] 2016-12-10 11:03:03.670 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.670 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$1@52c85f64 2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.671 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener Delegating channel listener -> Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP server (NIO) <13f5555f> 2016-12-10 11:03:03.671 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for sun.nio.ch.ServerSocketChannel Impl[/127.0.0.1:8443] 2016-12-10 11:03:03.671 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowAcceptingSslChannel@328f1e b6 2016-12-10 11:03:03.671 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.674 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowSslConnection@53f69e92 2016-12-10 11:03:03.675 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@49c6180b 2016-12-10 11:03:03.675 [XNIO-1 I/O-4] TRACE io.undertow.request - Opened connection with /127.0.0.1:568542016-12-10 11:03:03.676 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$1@52c85f64 2016-12-10 11:03:03.681 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout) 2016-12-10 11:03:03.681 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking listener Delegating channel listener -> Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP server (NIO) <13f5555f> 2016-12-10 11:03:03.683 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking listener Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowAcceptingSslChannel@328f1e b6 2016-12-10 11:03:03.685 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.688 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowSslConnection@3ac7f450 2016-12-10 11:03:03.688 [XNIO-1 I/O-2] TRACE io.undertow.request - Opened connection with /127.0.0.1:568562016-12-10 11:03:03.690 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected key sun.nio.ch.SelectionKeyImpl@673b2384 for java.nio.channels.SocketChanne l[connected local=/127.0.0.1:8443 remote=/127.0.0.1:56854] 2016-12-10 11:03:03.691 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@49c6180b (with timeout) 2016-12-10 11:03:03.692 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpReadListener@255c6481 on channel org.xnio.conduits.ConduitStrea mSourceChannel@1b4554ad 2016-12-10 11:03:03.692 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout) 2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@49c6180b 2016-12-10 11:03:03.696 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$5$1@32b59207 2016-12-10 11:03:03.696 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$5$1@7c204b59 2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE io.undertow.request.io - Exception closing read side of SSL channeljavax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1666) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1634) at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl. java:1561) at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslCon duit.java:612) at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java: 983) at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java: 1078) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit. java:799) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit. java:645) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit. java:63) at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java :1045) at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580) at org.xnio.nio.WorkerThread.run(WorkerThread.java:464) 2016-12-10 11:03:03.697 [XNIO-1 I/O-4] TRACE io.undertow.request.io - Exception closing read side of SSL channeljavax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1666) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1634) at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl. java:1561) at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslCon duit.java:612) at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java: 983) at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java: 1078) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit. java:799) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit. java:645) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit. java:63) at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java :1045) at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580) at org.xnio.nio.WorkerThread.run(WorkerThread.java:464) 2016-12-10 11:03:03.697 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking listener io.undertow.server.AbstractServerConnection$CloseSetter@ 55df2063 on channel io.undertow.protocols.ssl.Unde rtowSslConnection@3ac7f450 2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.AbstractServerConnection$CloseSetter@ 42277317 on channel io.undertow.protocols.ssl.Unde rtowSslConnection@53f69e92 2016-12-10 11:03:03.698 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing resource org.xnio.nio.NioSocketStreamConnection@50bf3bfc 2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource org.xnio.nio.NioSocketStreamConnection@4196fbe 2016-12-10 11:03:03.698 [XNIO-1 I/O-2] TRACE org.xnio.nio - Cancelling key sun.nio.ch.SelectionKeyImpl@4805f11b of java.nio.channels.SocketChanne l[connected local=/127.0.0.1:8443 remote=/127.0.0.1:56856] (same thread) 2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.nio - Cancelling key sun.nio.ch.SelectionKeyImpl@673b2384 of java.nio.channels.SocketChanne l[connected local=/127.0.0.1:8443 remote=/127.0.0.1:56854] (same thread) 2016-12-10 11:03:03.699 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing resource io.undertow.protocols.ssl.UndertowSslConnection@3ac7f450 2016-12-10 11:03:03.699 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.699 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource io.undertow.protocols.ssl.UndertowSslConnection@53f69e92 2016-12-10 11:03:03.699 [XNIO-1 Accept] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$2@1ce2a083 2016-12-10 11:03:03.699 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$1@77593ca5 2016-12-10 11:03:03.700 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$1@3548b3ac 2016-12-10 11:03:03.700 [XNIO-1 Accept] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$2@1ce2a083 2016-12-10 11:03:03.700 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpReadListener@6962bde3 on channel org.xnio.conduits.ConduitStrea mSourceChannel@45125494 2016-12-10 11:03:03.700 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpReadListener@255c6481 on channel org.xnio.conduits.ConduitStrea mSourceChannel@1b4554ad 2016-12-10 11:03:03.700 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.701 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing resource io.undertow.server.protocol.http.HttpServerConnection@6cdbf7 11 2016-12-10 11:03:03.701 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource io.undertow.server.protocol.http.HttpServerConnection@4bcc5c df 2016-12-10 11:03:03.701 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$2@52d9523b 2016-12-10 11:03:03.702 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$2@320a217a 2016-12-10 11:03:03.702 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@49c6180b 2016-12-10 11:03:03.702 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.714 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.715 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for sun.nio.ch.ServerSocketChannel Impl[/127.0.0.1:8443] 2016-12-10 11:03:03.716 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.717 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.718 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$1@52c85f64 2016-12-10 11:03:03.719 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener Delegating channel listener -> Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP server (NIO) <13f5555f> 2016-12-10 11:03:03.719 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowAcceptingSslChannel@328f1e b6 2016-12-10 11:03:03.721 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel io.undertow.protocols.ssl.Unde rtowSslConnection@d84c5d1 2016-12-10 11:03:03.721 [XNIO-1 I/O-4] TRACE io.undertow.request - Opened connection with /127.0.0.1:568582016-12-10 11:03:03.724 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout) 2016-12-10 11:03:03.728 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95 2016-12-10 11:03:03.728 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$5$1@47e5be01 2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE io.undertow.request.io - Exception closing read side of SSL channeljavax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1666) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java: 1634) at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl. java:1561) at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslCon duit.java:612) at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java: 983) at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java: 1078) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit. java:799) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit. java:645) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit. java:63) at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java :1045) at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580) at org.xnio.nio.WorkerThread.run(WorkerThread.java:464) 2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.AbstractServerConnection$CloseSetter@ 3457fbeb on channel io.undertow.protocols.ssl.Unde rtowSslConnection@d84c5d1 2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource org.xnio.nio.NioSocketStreamConnection@1fd60afd 2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.nio - Cancelling key sun.nio.ch.SelectionKeyImpl@7da1dc1a of java.nio.channels.SocketChanne l[connected local=/127.0.0.1:8443 remote=/127.0.0.1:56858] (same thread) 2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource io.undertow.protocols.ssl.UndertowSslConnection@d84c5d1 2016-12-10 11:03:03.730 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Selected on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$1@11f5487 2016-12-10 11:03:03.730 [XNIO-1 Accept] TRACE org.xnio.nio - Running task org.xnio.nio.QueuedNioTcpServer$2@1ce2a083 2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking listener io.undertow.server.protocol.http.HttpReadListener@6b60e713 on channel org.xnio.conduits.ConduitStrea mSourceChannel@60e3d137 2016-12-10 11:03:03.731 [XNIO-1 Accept] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479 2016-12-10 11:03:03.731 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing resource io.undertow.server.protocol.http.HttpServerConnection@4f4dae 34 2016-12-10 11:03:03.732 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task io.undertow.protocols.ssl.SslConduit$2@348d6036 2016-12-10 11:03:03.732 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector - Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 On Sat, Dec 10, 2016 at 10:58 AM, Hicks, Matt <matt@matthicks.com> wrote:Thanks Bill....I don't feel as crazy now. ;)On Sat, Dec 10, 2016 at 9:51 AM Bill O'Neil <bill@dartalley.com> wrote:Oops I forgot https://localhost:8443. Now it is giving me localhost unexpectedly closed the connection. With no errors. I also don't have a cert set up but I would think that should throw an error?The on startup JDK9 issue is still there.On Sat, Dec 10, 2016 at 10:45 AM, Bill O'Neil <bill@dartalley.com> wrote:Matt did you try turning on logging? Here are the two errors I get. Stuart maybe you can help from this I don't know much about SSL.This error is on server start. I'm running JDK 8.java.lang.NoSuchMethodException: javax.net.ssl.SSLParameters.se tApplicationProtocols([Ljava.l ang.String;) at java.lang.Class.getMethod(Class.java:1786) at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(JDK9AlpnPr ovider.java:47) at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(JDK9AlpnPr ovider.java:43) at java.security.AccessController.doPrivileged(Native Method) at io.undertow.protocols.alpn.JDK9AlpnProvider.<clinit>(JDK9Alp nProvider.java:43) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Nativ e Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Native ConstructorAccessorImpl.java:6 2) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(De legatingConstructorAccessorImp l.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:4 22) at java.lang.Class.newInstance(Class.java:442) at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoad er.java:380) at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java :404) at java.util.ServiceLoader$1.next(ServiceLoader.java:480) at io.undertow.protocols.alpn.ALPNManager.<init>(ALPNManager.ja va:40) at io.undertow.protocols.alpn.ALPNManager.<clinit>(ALPNManager. java:35) at io.undertow.Undertow.start(Undertow.java:177) at com.dartalley.function.Http2Server.main(Http2Server.java:70) The following errors happen on request to the localhost:8443 from Matt's code which leads to an empty response.10:42:29.083 [XNIO-1 I/O-2] DEBUG io.undertow.request.io - UT005013: An IOException occurredjavax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is not a handshake record at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.explor eClientHello(ALPNHackClientHel loExplorer.java:84) at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackS SLEngine.java:205) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.jav a:729) at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:56 7) at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStr eamSourceChannel.java:127) at io.undertow.server.protocol.http.AlpnOpenListener$AlpnConnec tionListener.handleEvent(AlpnO penListener.java:280) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListe ners.java:92) at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.ja va:291) at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.ja va:286) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListe ners.java:92) at org.xnio.ChannelListeners$DelegatingChannelListener.handleEv ent(ChannelListeners.java:1092 ) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListe ners.java:92) at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.jav a:128) at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580) at org.xnio.nio.WorkerThread.run(WorkerThread.java:464) 10:42:29.091 [XNIO-1 I/O-4] DEBUG io.undertow.request - UT005013: An IOException occurredjavax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is not a handshake record at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.explor eClientHello(ALPNHackClientHel loExplorer.java:84) at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackS SLEngine.java:205) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.jav a:748) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit. java:645) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.j ava:63) at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.rea dReady(SslConduit.java:1097) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.j ava:88) at org.xnio.nio.WorkerThread.run(WorkerThread.java:559) 10:42:29.100 [XNIO-1 I/O-2] DEBUG io.undertow.request - UT005013: An IOException occurredjavax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is not a handshake record at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.explor eClientHello(ALPNHackClientHel loExplorer.java:84) at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackS SLEngine.java:205) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.jav a:748) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit. java:645) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.j ava:63) at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.rea dReady(SslConduit.java:1097) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.j ava:88) at org.xnio.nio.WorkerThread.run(WorkerThread.java:559) On Sat, Dec 10, 2016 at 10:15 AM, Hicks, Matt <matt@matthicks.com> wrote:I've updated to 1.4.7.Final, I switched to passing an Array of keyManagers and an Array of trustManagers, I've tried commenting out ENABLE_HTTP2, I've installed the JCE Unlimited Strength (and verified it's being used) and I'm consistently getting ERR_CONNECTION_CLOSED when I try to connect to https://localhost:8443If I connect to http://localhost:8080 then I get the expected "Hello, World!". If someone could just test that snippet and tell me if they can repeat the problem it would be greatly appreciated.On Fri, Dec 9, 2016 at 5:30 PM Hicks, Matt <matt@matthicks.com> wrote:Stuart, I don't think I have the JCE Unlimited Strength policy files installed. I'll look into seeing if that's the problem. I am currently using 1.4.6.Final. I commented out enabling of HTTP2 but I'm still getting the same problem. It will probably be tomorrow before I can get the JCE Unlimited Strength installed, but either way I should be seeing an error but I am not.Can you check that code snippet I posted? It's a simplified version of the example you sent me previously that just outputs "Hello, World!". If you're able to run it and it works then perhaps there's something wrong in my machine configuration, but I'd like some confirmation.On Fri, Dec 9, 2016 at 4:30 PM Stuart Douglas <sdouglas@redhat.com> wrote:I just released 1.4.7.Final that should fix the ClassCastException that you were seeing.Your example code should work. What version of Undertow are you using, and do you have the JCE unlimited strength ciphers installed?Some versions of Undertow would attempt to enable HTTP/2 even if the required ciphers were not installed, which would result in a connection error as HTTP/2 would be negotiated with an incorrect cipher, and the browser will kill the connection as a result. This could be fixed by either installing the JCE unlimited strength policy files, or by disabling HTTP/2.StuartOn Sat, Dec 10, 2016 at 9:00 AM, Hicks, Matt <matt@matthicks.com> wrote:Michael, where are you getting SSLContextFactory from? I assumed it was something built-in or available in Undertow.On Fri, Dec 9, 2016 at 1:08 PM Hicks, Matt <matt@matthicks.com> wrote:Thanks guys. Michael, I'll try your code here in a bit to see if it makes any difference.On Fri, Dec 9, 2016 at 12:49 PM Michael Grove <mike@stardog.com> wrote:Prematurely hit send!On Fri, Dec 9, 2016 at 1:43 PM, Michael Grove <mike@stardog.com> wrote:On Fri, Dec 9, 2016 at 1:11 PM, Hicks, Matt <matt@matthicks.com> wrote:Hi Michael, thanks for the response. What version of Undertow are you using?I'm using 1.3.20, so I'm a bit behind.Are you overriding the SSL certificate storage or using the example's?I'm just creating the SSLContext that's passed to the builder via addHttpsListener directly from the standard JVM properties, eg javax.net.ssl.keyStoreThis is the basic code for that:
public static SSLContext createSSLContext(final Options theOptions) throws SSLException { return SSLContextFactory.createSSLCon text(theOptions.get(ServerOpti ons .KEY_STORE_TYPE),theOptions.get(ServerOptions.K EY_STORE ),theOptions.get(ServerOptions.K EY_STORE_PASSWD ),theOptions.get(ServerOptions.T RUST_STORE_TYPE ),theOptions.get(ServerOptions.T RUST_STORE ),theOptions.get(ServerOptions.T RUST_STORE_PASSWD ));} I tweak the XNIO properties for SSL in the event the user needs client auth:aBuilder.setWorkerOption(org.xnio.Options .SSL_CLIENT_AUTH_MODE , SslClientAuthMode.REQUIRED);
At that point, it works nicely.Would you mind terribly trying the exact code snippet and see if it works for you? This is very confusing if it's a problem on my end...especially since HTTP works fine.I can try to run it over the weekend, I'm a bit swamped with day to day stuff atm.Cheers,MikeOn Fri, Dec 9, 2016 at 11:59 AM Michael Grove <mike@stardog.com> wrote:On Fri, Dec 9, 2016 at 10:24 AM, Hicks, Matt <matt@matthicks.com> wrote:Yeah, I'm pretty sure Undertow's support for SSL is broken!It's working fine for me, and I'm using a setup almost exactly like what's shown in the examples.I copied and pasted the example into my project and am getting the same results. I modified it to not do any proxying, but the server isn't responding properly and my anonymous HttpHandler is never invoked:This is incredibly frustrating. Stuart, tell me if I shouldn't be using Undertow for SSL support and I'll start migrating to wrap with nginx.On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <sdouglas@redhat.com> wrote:Here is an example:
https://github.com/undertow-io/undertow/blob/master/examples /src/main/java/io/undertow/exa mples/http2/Http2Server.java
Looks like you have run into a bug, with regard to the
ClassCastException, you need to use the version that take