It has been a month since I filed the issue #235 about anonymous SSL failures at https://github.com/h2database/h2database/issues/235
Unfortunately, neither the issue nor the associated pull request has led to any reaction. Here is a sample list of JREs where anonymous SSL connections fail: OpenJDK 1.6.0_38 (Linux), OpenJDK 1.7.0_95 (Linux), Oracle JDK 1.8.0_72-b15 (Linux), Oracle JDK 1.8.0_66-b18 (Windows) The only environments which I have access where the anonymous SSL happens to work are Oracle JDK 1.6.0_45 (Windows) and Oracle JDK 1.7.0_71 (Windows). In short, the only versions where the feature works are obsolete and unsupported versions of Java which do not receive updates (and anyone using them is likely to migrate away from those, sooner or later). I am not sure what more I could do to get this problem fixed. Tomas On Tuesday, February 9, 2016 at 1:30:32 PM UTC-5, Tomas Pospichal wrote: > > Probably the easiest way to see that there is a problem (for most > combinations of client/server JREs) is to simply start an H2 server with > SSL and then try to shut it down using the same server tool: > > java -cp ./h2-1.4.190.jar org.h2.tools.Server -tcp -tcpSSL & > # TCP server running at ssl://... > > java -cp ./h2-1.4.190.jar org.h2.tools.Server -tcpShutdown > "ssl://localhost" > # Exception in thread ... Connection is broken: > "javax.net.ssl.SSLHandshakeException: ... PKIX path building failed > > > Changes in Java regarding certificates are not related to this issue, but > most of the observations in this thread are correct. The server side > running on many modern JREs ignores anonymous ciphers (Java 6, 7, or 8). I > have put a more detailed description of the causes in > https://github.com/h2database/h2database/issues/235 > > A pull request which restores the ability to use anonymous TLS for H2 > connections has been posted too. In general, one would have to update the > h2 library on both server and client side to have it working reliably, > however. > > Regards, > Tomas > > > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
