You might check if your RHEL8 was installed with FIPS mode enabled (fips-mode-setup --check). FIPS can limit available ciphers which would affect TLS in Java.
-- Mike On Tue, Aug 15, 2023 at 1:38 PM Mike Thomsen <mikerthom...@gmail.com> wrote: > I had similar thoughts and told them to start working with different > flavors of Java 11. > > Thanks, > > Mike > > On Tue, Aug 15, 2023 at 10:03 AM David Handermann < > exceptionfact...@apache.org> wrote: > >> Mike, >> >> It sounds like the problem could be related to the specific Java vendor >> and version, or related to Java Security settings. >> >> Java 8 Update 261 [1] and following include TLSv1.3, and Java 11 also >> includes TLSv1.3 as you noted. However, the java.security configuration can >> disable specific TLS versions using the jdk.tls.disabledAlgorithms property. >> >> It is possible that a custom java.security configuration disabled >> TLSv1.3, perhaps for compatibility reasons. Checking the java.security >> configuration for the JDK installation would be a good next step for >> troubleshooting. >> >> Regards, >> David Handermann >> >> [1] https://www.oracle.com/java/technologies/javase/8u261-relnotes.html >> >> [2] >> https://docs.oracle.com/en/java/javase/11/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-0A438179-32A7-4900-A81C-29E3073E1E90 >> >> On Tue, Aug 15, 2023 at 8:43 AM Mike Thomsen <mikerthom...@gmail.com> >> wrote: >> >>> Roughly copy-pasta: "ERROR o.anifi.security.util.SslContextFactory >>> Encountered an error creating SSLContext from TLSConfiguration >>> [TlsConfiguration]keystorePath.....protocol=TLSv1.3): TLSv1.3 SSLContext >>> not available" >>> >>> Can't copy and paste because it's on a client's network. >>> >>> On Tue, Aug 15, 2023 at 9:41 AM Phillip Lord <phillord0...@gmail.com> >>> wrote: >>> >>>> Can you add the error here for more context? >>>> On Aug 15, 2023 at 9:38 AM -0400, Mike Thomsen <mikerthom...@gmail.com>, >>>> wrote: >>>> >>>> As the subject line says, we're getting a weird error when trying to >>>> migrate to RHEL8. We're already on Java 11 on RHEL7, but for some reason >>>> NiFi is running into problems instantiating a TLSv1.3 SSLContext. >>>> >>>> Does anyone have any suggestions on what could be happening here? >>>> >>>>
