NPN and ALPN are not supported by JDK SSL provider

Author: sscarduzio

es51x/src/main/java/tech/beshu/ror/es/SSLTransportNetty4.java

@@ -103,7 +103,7 @@ private class SSLHandler extends Netty4HttpServerTransport.HttpChannelHandler {
 
           basicSettings.getAllowedSSLProtocols().ifPresent(allowedProtos -> {
             sslcb.applicationProtocolConfig(new ApplicationProtocolConfig(
-              ApplicationProtocolConfig.Protocol.NPN_AND_ALPN,
+              ApplicationProtocolConfig.Protocol.NONE,
               ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL,
               ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
               allowedProtos

es52x/src/main/java/tech/beshu/ror/es/SSLTransportNetty4.java

@@ -106,7 +106,7 @@ private class SSLHandler extends Netty4HttpServerTransport.HttpChannelHandler {
           if (basicSettings.getAllowedSSLProtocols().isPresent()) {
             List<String> protocols = basicSettings.getAllowedSSLProtocols().get();
             sslcb.applicationProtocolConfig(new ApplicationProtocolConfig(
-              ApplicationProtocolConfig.Protocol.NPN_AND_ALPN,
+              ApplicationProtocolConfig.Protocol.NONE,
               ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL,
               ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
               protocols

es53x/src/main/java/tech/beshu/ror/es/SSLTransportNetty4.java

@@ -29,6 +29,7 @@
 import io.netty.handler.ssl.NotSslRecordException;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Settings;
@@ -91,18 +92,21 @@ private class SSLHandler extends Netty4HttpServerTransport.HttpChannelHandler {
 
       new SSLCertParser(basicSettings, logger, (certChain, privateKey) -> {
         try {
+          SslProvider provider = SslContext.defaultServerProvider();
+          logger.info("SSL: using provider " + provider.toString());
           // #TODO expose configuration of sslPrivKeyPem password? Letsencrypt never sets one..
           SslContextBuilder sslcb = SslContextBuilder.forServer(
             new ByteArrayInputStream(certChain.getBytes(StandardCharsets.UTF_8)),
             new ByteArrayInputStream(privateKey.getBytes(StandardCharsets.UTF_8)),
             null
-          );
+          )
+            .sslProvider(provider);
 
           basicSettings.getAllowedSSLCiphers().ifPresent(sslcb::ciphers);
 
           basicSettings.getAllowedSSLProtocols().ifPresent(allowedProtos -> {
             sslcb.applicationProtocolConfig(new ApplicationProtocolConfig(
-              ApplicationProtocolConfig.Protocol.NPN_AND_ALPN,
+              ApplicationProtocolConfig.Protocol.NONE,
               ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL,
               ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
               allowedProtos

es61x/src/main/java/tech/beshu/ror/es/SSLTransportNetty4.java

@@ -42,7 +42,6 @@
 
 import java.io.ByteArrayInputStream;
 import java.nio.charset.StandardCharsets;
-import java.util.List;
 import java.util.Optional;
 
 public class SSLTransportNetty4 extends Netty4HttpServerTransport {

gradle.properties

@@ -1,3 +1,3 @@
 publishedPluginVersion=1.16.14
-pluginVersion=1.16.15-pre3
+pluginVersion=1.16.15-pre4
 pluginName=readonlyrest