java 11 HttpClient leads to endless SSL loop

As @jspcal said before disable TLS 1.3.

tl;dr: disable tlsv1.3 via extending/overwriting

<java_home>/conf/security/java.security the jdk.tls.disabledAlgorithms property

Since my application is running in a docker container I changed the base image to disable tls1.3

FROM openjdk:11-jre
...

RUN sed -i "/jdk.tls.disabledAlgorithms=/ s/=.*/=TLSv1.3, SSLv3, RC4, MD5withRSA, DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC/" $(readlink -f /usr/bin/java | sed "s:bin/java::")/conf/security/java.security

As far as I know there is no way of setting this (security) property via a system property! See also sun.security.util.DisabledAlgorithmConstraints#PROPERTY_TLS_DISABLED_ALGS which actually ready the property.

Update: Bug is still present in 11.0.2


Try disabling TLSv1.3 or SSLv3 to see if that helps.

Set the system property on the command line: -Djdk.tls.disabledAlgorithms=TLSv1.3

Or define the property in <java_home>/conf/security/java.security

If you think it's an implementation bug, you may want to open an issue.


I run into the same issue and found the bug report

It is awaiting JDK 11.0.8 release.