Java 11 outbound calls fail with "java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big."

Solution Unverified - Updated -

Issue

  • We migrated our application to JBoss EAP 7.2.3 and OpenJDK 11 on RHEL7. Application outbound calls fail with the exception below.

  • We assumed application is failing due to the first provider being SunJSSE in JDK11 so we replaced SunJSSE with com.sun.net.ssl.internal.ssl.Provider.

    ERROR ApplicationController:111 - Exception thrown in applicationMethod() application.exception.ApplicationServiceException: ApplicationException
at application.service
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at application.war//org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
...
... 65 more
Caused by: com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at application.war//com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155) ~[jersey-client-1.19.1.jar:1.19.1]
...
... 65 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.base/javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:263) ~[?:?]
at java.base/javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:270) ~[?:?]
at java.base/sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:413) ~[?:?]
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:162) ~[?:?]
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) ~[?:?]
... 65 more
...
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.base/java.security.Provider$Service.newInstance(Provider.java:1831) ~[?:?]
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236) ~[?:?]
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164) ~[?:?]
at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168) ~[?:?]
at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:99) ~[?:?]
at java.base/javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:123) ~[?:?]
at java.base/javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:335) ~[?:?]
...
... 64 more
Caused by: java.security.KeyStoreException: problem accessing trust store
at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) ~[?:?]
at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278) ~[?:?]
at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1052) ~[?:?]
at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:1022) ~[?:?]
at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1197) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
...
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:606) ~[?:?]
at java.base/sun.security.util.DerValue.init(DerValue.java:390) ~[?:?]
at java.base/sun.security.util.DerValue.<init>(DerValue.java:331) ~[?:?]
at java.base/sun.security.util.DerValue.<init>(DerValue.java:344) ~[?:?]
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1993) ~[?:?]
at java.base/java.security.KeyStore.load(KeyStore.java:1479) ~[?:?]
...

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.2.3
  • OpenJDK
    • 11
  • RHEL
    • 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content