I had similar thoughts and told them to start working with different flavors of Java 11.
Thanks, Mike On Tue, Aug 15, 2023 at 10:03 AM David Handermann < exceptionfact...@apache.org> wrote: > Mike, > > It sounds like the problem could be related to the specific Java vendor > and version, or related to Java Security settings. > > Java 8 Update 261 [1] and following include TLSv1.3, and Java 11 also > includes TLSv1.3 as you noted. However, the java.security configuration can > disable specific TLS versions using the jdk.tls.disabledAlgorithms property. > > It is possible that a custom java.security configuration disabled TLSv1.3, > perhaps for compatibility reasons. Checking the java.security configuration > for the JDK installation would be a good next step for troubleshooting. > > Regards, > David Handermann > > [1] https://www.oracle.com/java/technologies/javase/8u261-relnotes.html > > [2] > https://docs.oracle.com/en/java/javase/11/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-0A438179-32A7-4900-A81C-29E3073E1E90 > > On Tue, Aug 15, 2023 at 8:43 AM Mike Thomsen <mikerthom...@gmail.com> > wrote: > >> Roughly copy-pasta: "ERROR o.anifi.security.util.SslContextFactory >> Encountered an error creating SSLContext from TLSConfiguration >> [TlsConfiguration]keystorePath.....protocol=TLSv1.3): TLSv1.3 SSLContext >> not available" >> >> Can't copy and paste because it's on a client's network. >> >> On Tue, Aug 15, 2023 at 9:41 AM Phillip Lord <phillord0...@gmail.com> >> wrote: >> >>> Can you add the error here for more context? >>> On Aug 15, 2023 at 9:38 AM -0400, Mike Thomsen <mikerthom...@gmail.com>, >>> wrote: >>> >>> As the subject line says, we're getting a weird error when trying to >>> migrate to RHEL8. We're already on Java 11 on RHEL7, but for some reason >>> NiFi is running into problems instantiating a TLSv1.3 SSLContext. >>> >>> Does anyone have any suggestions on what could be happening here? >>> >>>