[SOLVED] Protoclol_version Error launching from TLS 1.3 server
Posted: 10 Mar 2021, 18:29
Hi Guys
I'm not sure If I have a server side configuration issue or I've found a bug.
Summary
I'm updating a test server to match our incoming security standards, this requires exclusive use of TLS 1.3 with all other protocols disabled.
With the server configured like this OWS can not download resources form the server always with a the message Received fatal alert: protocol_version.
If I re enable TLS 1.2 the application starts correctly.
Policy means I can't have TLS 1.2 enabled in production so any suggestions as to how to resolve this would be most appreciated.
Details
Server side Setup: Tomcat 9 behind Apache 2.4.41 using Mod JK - Apache handles SSL
Client Side setup: Windows 10 x64 & OWS 1.3.3
Client Side JRE versions tried: Zulu 11.0.7 (OWS supplied), Zulu 11.0.10 and AdoptOpenJDK 11.0.10
Apache working correctly in Firefox and Chrome when running TLS 1.3 only, resource URL available.
The Application is a Java 8 application, though as it doesn't get downloaded I don't think this is realivent
Console line this I think highlight the error
I'm not sure If I have a server side configuration issue or I've found a bug.
Summary
I'm updating a test server to match our incoming security standards, this requires exclusive use of TLS 1.3 with all other protocols disabled.
With the server configured like this OWS can not download resources form the server always with a the message Received fatal alert: protocol_version.
If I re enable TLS 1.2 the application starts correctly.
Policy means I can't have TLS 1.2 enabled in production so any suggestions as to how to resolve this would be most appreciated.
Details
Server side Setup: Tomcat 9 behind Apache 2.4.41 using Mod JK - Apache handles SSL
Client Side setup: Windows 10 x64 & OWS 1.3.3
Client Side JRE versions tried: Zulu 11.0.7 (OWS supplied), Zulu 11.0.10 and AdoptOpenJDK 11.0.10
Apache working correctly in Firefox and Chrome when running TLS 1.3 only, resource URL available.
The Application is a Java 8 application, though as it doesn't get downloaded I don't think this is realivent
Console line this I think highlight the error
Full console LogException while downloading resource location=https://xxxxxxxx.net/launch.jnlp version=null state=INCOMPLETE from https://xxxxxxxx.net/launch.jnlp - Received fatal alert: protocol_version
Log FileConsole Log
===========
Waiting for exception dialog to be closed
Exiting Boot.mainWithReturnCode() with 1
failed to launch
netx: Read Error: Could not read or parse the JNLP file at 'file:/C:/Users/rchurchill/Downloads/launch_newLive.jnlp'. (java.lang.NullPointerException ())
Error flag set for resource 'https://[Redacted URL]/foundry/webstart/launch.jnlp'. Can not return a local file for the resource
Download done. Shutting down executor
could not download resource location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE from any of theses urls [https://[Redacted URL]/foundry/webstart/launch.jnlp]
Exception while downloading resource location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE from https://[Redacted URL]/foundry/webstart/launch.jnlp - Received fatal alert: protocol_version
Using NO_PROXY
Using NO_PROXY
Will download in background: https://[Redacted URL]/foundry/webstart/launch.jnlp
Failed to determine best URL for location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE will try all of [https://[Redacted URL]/foundry/webstart/launch.jnlp]
failed to determine best URL: java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: Received fatal alert: protocol_version
While processing https://[Redacted URL]/foundry/webstart/launch.jnlp by HEAD for resource location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE got Received fatal alert: protocol_version
URL connection 'https://[Redacted URL]/foundry/webstart/launch.jnlp' header fields: {}
Following exception should be harmless, but may help in finding root cause.
Using NO_PROXY
Using NO_PROXY
Candidate URLs for location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE: [https://[Redacted URL]/foundry/webstart/launch.jnlp]
needsUpdateCheck: https://[Redacted URL]/foundry/webstart/launch.jnlp -> true
isCached: https://[Redacted URL]/foundry/webstart/launch.jnlp - (v: null) = true
isCached: remote size:6758 cached size:6758 -> true
Download of resource launch.jnlp will start now!
Download has not been started yet: launch.jnlp
Checking download state of launch.jnlp
Download for launch.jnlp has not been started until now
Will check and maybe put into cache: launch.jnlp
Will add resource 'launch.jnlp'
Will add resource at location 'https://[Redacted URL]/foundry/webstart/launch.jnlp'
good - your JRE - 1.8.0_265 - match requested JRE - 1.6+
Acceptable vendor tag found, contains: First Call Payment Protection
Jars not ready to provide attribute Application-Name
Description: Titanium
Homepage: https://[Redacted URL]/foundry
Using MalformedXMLParser
Download done. Shutting down executor
Resource is not cacheable: launch_newLive.jnlp
Checking download state of launch_newLive.jnlp
Download for launch_newLive.jnlp has not been started until now
Will check and maybe put into cache: launch_newLive.jnlp
Will add resource 'launch_newLive.jnlp'
Will add resource at location 'file:/C:/Users/rchurchill/Downloads/launch_newLive.jnlp'
JNLP file location: C:\Users\rchurchill\Downloads\launch_newLive.jnlp
Proceeding with jnlp
Proxy disabled ( registry value 'ProxyEnable'). Will use direct proxy.
Windows based proxy created
Selected ProxyProvider : OPERATION_SYSTEM
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts exists.
Operating Keystore Unknown
Loading Keystore Unknown
Keystore file c:\program files\openwebstart\jre\lib\security\trusted.clientcerts does not exists.
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.cacerts
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.cacerts
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.cacerts exists.
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecacerts
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecacerts
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecacerts exists.
Operating Keystore c:\program files\openwebstart\jre\lib\security\cacerts
Loading Keystore c:\program files\openwebstart\jre\lib\security\cacerts
Keystore file c:\program files\openwebstart\jre\lib\security\cacerts exists.
Operating Keystore Unknown
Loading Keystore Unknown
Keystore file c:\program files\openwebstart\jre\lib\security\jssecacerts does not exists.
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.certs
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.certs
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.certs exists.
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecerts
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecerts
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.jssecerts exists.
Operating Keystore Unknown
Loading Keystore Unknown
Keystore file c:\program files\openwebstart\jre\lib\security\trusted.certs does not exists.
Operating Keystore Unknown
Loading Keystore Unknown
Keystore file c:\program files\openwebstart\jre\lib\security\trusted.jssecerts does not exists.
Operating Keystore Unknown
Operating Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts
Loading Keystore C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts
Keystore file C:\Users\rchurchill\.config\icedtea-web\security\trusted.clientcerts exists.
Starting security dialog thread
using com.openwebstart.extensionpoint.OwsExtensionPoint extension point
Java Runtime AdoptOpenJDK-1.8.0_265
OS: Windows 10
OpenWebStartLauncher called with args: [C:\Users\rchurchill\Downloads\launch_newLive.jnlp].
Calling ITW Boot with args [C:\Users\rchurchill\Downloads\launch_newLive.jnlp].
RelevantJavawsArgs: '[C:\Users\rchurchill\Downloads\launch_newLive.jnlp]'
Checking if installation time (1615383237524) is after last initial config time (1615383251797)
Setting download indicator to com.openwebstart.download.ApplicationDownloadIndicator@340f438e
Trying to set download indicator
Property 'ows.install4j.propertyUpdate' is unknown.
Loading USER level properties from: file:/C:/Users/rchurchill/.config/icedtea-web/deployment.properties
Start logging into: net.sourceforge.jnlp.util.logging.filelogs.WriterBasedFileLog@69fb11b6
Property 'ows.install4j.propertyUpdate' is unknown.
Loading USER level properties from: file:/C:/Users/rchurchill/.config/icedtea-web/deployment.properties
Ico provider registered correctly.
Ico provider registered correctly.
Starting OpenWebStart 1.3.3
OWS main args [C:\Users\rchurchill\Downloads\launch_newLive.jnlp].
init logger factory to net.sourceforge.jnlp.util.logging.OutputControllerLoggerFactory@694f9431
[rchurchill][ITW-CORE][2021-03-10 15:48:47.191 GMT][INFO ][net.sourceforge.jnlp.util.logging.filelogs.WriterBasedFileLog][Output controller consumer daemon#56bd6f45] writer-based impl.
[ITW-CORE][2021-03-10 15:48:46.964 GMT][INFO ][com.openwebstart.launcher.OpenWebStartLauncher] OWS main args [C:\Users\rchurchill\Downloads\launch.jnlp].
[ITW-CORE][2021-03-10 15:48:47.048 GMT][INFO ][com.openwebstart.launcher.PhaseTwoWebStartLauncher] Starting OpenWebStart 1.3.3
[ITW-CORE][2021-03-10 15:48:47.092 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Ico provider registered correctly.
[ITW-CORE][2021-03-10 15:48:47.129 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Ico provider registered correctly.
[ITW-CORE][2021-03-10 15:48:47.133 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Loading USER level properties from: file:/C:/Users/rchurchill/.config/icedtea-web/deployment.properties
[ITW-CORE][2021-03-10 15:48:47.136 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Property 'ows.install4j.propertyUpdate' is unknown.
[ITW-CORE][2021-03-10 15:48:47.189 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Loading USER level properties from: file:/C:/Users/rchurchill/.config/icedtea-web/deployment.properties
[ITW-CORE][2021-03-10 15:48:47.194 GMT][INFO ][net.sourceforge.jnlp.config.DeploymentConfiguration] Property 'ows.install4j.propertyUpdate' is unknown.
[ITW-CORE][2021-03-10 15:48:47.234 GMT][INFO ][com.openwebstart.launcher.PhaseTwoWebStartLauncher] Calling ITW Boot with args [C:\Users\rchurchill\Downloads\launch.jnlp].
[ITW-CORE][2021-03-10 15:48:47.237 GMT][INFO ][net.sourceforge.jnlp.runtime.EnvironmentPrinter] OpenWebStartLauncher called with args: [C:\Users\rchurchill\Downloads\launch.jnlp].
[ITW-CORE][2021-03-10 15:48:47.237 GMT][INFO ][net.sourceforge.jnlp.runtime.EnvironmentPrinter] OS: Windows 10
[ITW-CORE][2021-03-10 15:48:47.237 GMT][INFO ][net.sourceforge.jnlp.runtime.EnvironmentPrinter] Java Runtime AdoptOpenJDK-1.8.0_265
[ITW-CORE][2021-03-10 15:48:47.766 GMT][INFO ][net.sourceforge.jnlp.runtime.Boot] Proceeding with jnlp
[ITW-CORE][2021-03-10 15:48:47.769 GMT][INFO ][net.sourceforge.jnlp.runtime.Boot] JNLP file location: C:\Users\rchurchill\Downloads\launch.jnlp
[ITW-CORE][2021-03-10 15:48:47.802 GMT][INFO ][net.adoptopenjdk.icedteaweb.xmlparser.MalformedXMLParser] Using MalformedXMLParser
[ITW-CORE][2021-03-10 15:48:48.048 GMT][INFO ][net.sourceforge.jnlp.Parser] Homepage: https://[Redacted URL]/foundry
[ITW-CORE][2021-03-10 15:48:48.049 GMT][INFO ][net.sourceforge.jnlp.Parser] Description: Titanium
[ITW-CORE][2021-03-10 15:48:48.050 GMT][INFO ][net.sourceforge.jnlp.JNLPFile] Acceptable vendor tag found, contains: First Call Payment Protection
[ITW-CORE][2021-03-10 15:48:48.054 GMT][INFO ][net.sourceforge.jnlp.Parser] good - your JRE - 1.8.0_265 - match requested JRE - 1.6+
[ITW-CORE][2021-03-10 15:48:48.090 GMT][INFO ][net.adoptopenjdk.icedteaweb.resources.cache.LeastRecentlyUsedCache] isCached: https://[Redacted URL]/foundry/webstart/launch.jnlp - (v: null) = true
[ITW-CORE][2021-03-10 15:48:48.226 GMT][ERROR][net.adoptopenjdk.icedteaweb.resources.downloader.BaseResourceDownloader] could not download resource location=https://[Redacted URL]/foundry/webstart/launch.jnlp version=null state=INCOMPLETE from any of theses urls [https://[Redacted URL]/foundry/webstart/launch.jnlp]
[ITW-CORE][2021-03-10 15:48:48.229 GMT][ERROR][net.sourceforge.jnlp.AbstractLaunchHandler]
netx: Read Error: Could not read or parse the JNLP file at 'file:/C:/Users/rchurchill/Downloads/launch.jnlp'. (java.lang.NullPointerException ())
net.sourceforge.jnlp.LaunchException: Fatal: Read Error: Could not read or parse the JNLP file at 'file:/C:/Users/rchurchill/Downloads/launch.jnlp'. You can try to download this file manually and send it as bug report to IcedTea-Web team.
at net.sourceforge.jnlp.Launcher.fromUrl(Launcher.java:331)
at net.sourceforge.jnlp.Launcher.launch(Launcher.java:191)
at net.sourceforge.jnlp.runtime.Boot.launch(Boot.java:355)
at net.sourceforge.jnlp.runtime.Boot.run(Boot.java:335)
at net.sourceforge.jnlp.runtime.Boot.run(Boot.java:73)
at java.security.AccessController.doPrivileged(Native Method)
at net.sourceforge.jnlp.runtime.Boot.runMain(Boot.java:279)
at net.sourceforge.jnlp.runtime.Boot.mainWithReturnCode(Boot.java:132)
at net.sourceforge.jnlp.runtime.Boot.main(Boot.java:114)
at com.openwebstart.launcher.PhaseTwoWebStartLauncher.main(PhaseTwoWebStartLauncher.java:81)
at com.openwebstart.launcher.OpenWebStartLauncher.main(OpenWebStartLauncher.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:84)
at com.exe4j.runtime.WinLauncher.main(WinLauncher.java:94)
at com.install4j.runtime.launcher.WinLauncher.main(WinLauncher.java:25)
Caused by: java.io.IOException: java.lang.NullPointerException
at net.sourceforge.jnlp.JNLPFileFactory.openURL(JNLPFileFactory.java:107)
at net.sourceforge.jnlp.JNLPFileFactory.create(JNLPFileFactory.java:79)
at net.sourceforge.jnlp.JNLPFileFactory.create(JNLPFileFactory.java:63)
at net.sourceforge.jnlp.Launcher.fromUrl(Launcher.java:322)
... 17 more
Caused by: java.lang.NullPointerException
at java.io.FileInputStream.<init>(FileInputStream.java:130)
at net.sourceforge.jnlp.JNLPFileFactory.openURL(JNLPFileFactory.java:103)
... 20 more
[ITW-CORE][2021-03-10 15:48:48.229 GMT][ERROR][net.sourceforge.jnlp.runtime.Boot]
failed to launch
net.sourceforge.jnlp.LaunchException: Fatal: Read Error: Could not read or parse the JNLP file at 'file:/C:/Users/rchurchill/Downloads/launch.jnlp'. You can try to download this file manually and send it as bug report to IcedTea-Web team.
at net.sourceforge.jnlp.Launcher.fromUrl(Launcher.java:331)
at net.sourceforge.jnlp.Launcher.launch(Launcher.java:191)
at net.sourceforge.jnlp.runtime.Boot.launch(Boot.java:355)
at net.sourceforge.jnlp.runtime.Boot.run(Boot.java:335)
at net.sourceforge.jnlp.runtime.Boot.run(Boot.java:73)
at java.security.AccessController.doPrivileged(Native Method)
at net.sourceforge.jnlp.runtime.Boot.runMain(Boot.java:279)
at net.sourceforge.jnlp.runtime.Boot.mainWithReturnCode(Boot.java:132)
at net.sourceforge.jnlp.runtime.Boot.main(Boot.java:114)
at com.openwebstart.launcher.PhaseTwoWebStartLauncher.main(PhaseTwoWebStartLauncher.java:81)
at com.openwebstart.launcher.OpenWebStartLauncher.main(OpenWebStartLauncher.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:84)
at com.exe4j.runtime.WinLauncher.main(WinLauncher.java:94)
at com.install4j.runtime.launcher.WinLauncher.main(WinLauncher.java:25)
Caused by: java.io.IOException: java.lang.NullPointerException
at net.sourceforge.jnlp.JNLPFileFactory.openURL(JNLPFileFactory.java:107)
at net.sourceforge.jnlp.JNLPFileFactory.create(JNLPFileFactory.java:79)
at net.sourceforge.jnlp.JNLPFileFactory.create(JNLPFileFactory.java:63)
at net.sourceforge.jnlp.Launcher.fromUrl(Launcher.java:322)
... 17 more
Caused by: java.lang.NullPointerException
at java.io.FileInputStream.<init>(FileInputStream.java:130)
at net.sourceforge.jnlp.JNLPFileFactory.openURL(JNLPFileFactory.java:103)
... 20 more