On Wed, Feb 20, 2019 at 11:59 PM Thomas Lußnig <[hidden email]> wrote:
> Is there any more detailed information about the problem:
> Java 11 has a problematic TLS implementation. Currently, the Jetty
> team recommends using JDK 12 until such time that the fixes in JDK 12 are
> backported to Java 11 TLS.
It does not happen all the time, so it's a random bug to find and figure out.
We have not investigated deeply what it is, but we have other
confirmation as well: running the CometD benchmarks fails with 11.0.2,
but passes cleanly with 12RC.
We will investigate and eventually send out the details, but it may
take some time.
On Thu, Feb 21, 2019 at 1:03 AM Cantor, Scott <[hidden email]> wrote:
> On 2/20/19, 6:53 PM, "[hidden email] on behalf of Simone Bordet" <[hidden email] on behalf of [hidden email]> wrote:
> > We have not investigated deeply what it is, but we have other
> > confirmation as well: running the CometD benchmarks fails with 11.0.2,
> > but passes cleanly with 12RC.
> Has somebody filed a bug with Oracle or Red Hat yet?
We will, but we need to have exact details first.
> The problem is that for a lot of us, the non-LTS releases may as well not exist, so "use 12" is not practical advice, even if 12 were out, which it isn't.
> So this is really "use 8" as a piece of advice right now.
However, we have people surprised by this - for them evidently 11 is
It could well just be a problem when using TLS 1.3, so using TLS 1.2
on JDK 11 is fine.
> We will, but we need to have exact details first.
Ok. I know that's one take, another is "A/B tests prove this is your bug, we'll get more details to you when we can...". Often a stack trace is enough to find a bug. And this is a big deal, a "your only LTS Java is about to be untrustworthy" kind of deal, so the sooner they know...
If it's really just TLS 1.3 that certainly will help but from the bugs there it's probably not really certain yet.