spyhunter99 / installcert

fork of http://s-n-ushakov.blogspot.com/2013/11/yet-another-installcert-for-java-now.html to use as a library
BSD 3-Clause "New" or "Revised" License

NullPointerException on unsupported protocol #17

Closed skyghis closed 3 years ago

skyghis commented 3 years ago

Exception received:

Exception in thread "main" java.lang.NullPointerException
    at usn.net.ssl.util.InstallCert.getCerts(InstallCert.java:612)
    at usn.net.ssl.util.InstallCert.main(InstallCert.java:376)

Expected exception:

javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

I have this exception on an ldaps server when I use OpenJDK JRE v11.0.11. The cause of the exception is the removal of TLSv1 and TLSv1.1 (see: "TLSv1 and TLSv1.1 Disabled by Default in Java after April 2021").

The thrown SSLHandshakeException has no cause and creates a NullPointerException.

spyhunter99 commented 3 years ago

thanks for reporting this. i'll take a look at it

spyhunter99 commented 3 years ago

even if i enable this feature, other java applications will most likely run into the same issue. I guess it's useful for getting the cert and saving it locally for other uses though.

spyhunter99 commented 3 years ago

so i'm not super sure which version of installcert this came off of, but that line is an exception handling line. i'll add some null checks on it. Please retest with your server if possible

skyghis commented 3 years ago

Thanks for the work.

I was not expecting the code to allow import of unsupported ciphers. I only expected to fix the NullPointerException on exception handling to have a valid error message (and find the cause of the import error).

> even if i enable this feature, other java applications will most likely run into the same issue.

Exactly. The import is useless in this case.
I personally edited the java.security file when the certificate can't be edited. I think the new enableAll option is useless.

spyhunter99 commented 3 years ago

got it, i rolled back that change. feel free to retest the NPE issue when you have time

skyghis commented 3 years ago

I tested on actual master and I got the expected exception. Thanks.

Could you plan a release, please?

spyhunter99 commented 3 years ago

just did the release, may be a few days before it's available globally on maven central
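
The failure mode discussed in this thread, as an added example that is not part of the issue and not installcert's own code: an `SSLHandshakeException` raised for a protocol-version mismatch carries no cause, so error handling has to walk the cause chain null-safely and fall back to the exception's own message. The class and method names (`HandshakeFailureReport`, `findCause`, `describe`) are hypothetical, and both exceptions in `main` are constructed samples.

```java
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

public class HandshakeFailureReport {

    // Hypothetical helper: walk the cause chain without assuming any link exists.
    static Throwable findCause(Throwable t, Class<? extends Throwable> type) {
        for (Throwable c = t.getCause(); c != null; c = c.getCause()) {
            if (type.isInstance(c)) return c;
        }
        return null;
    }

    // Turn a handshake failure into a message instead of dereferencing getCause().
    static String describe(SSLException e) throws Exception {
        Throwable trust = findCause(e, CertificateException.class);
        if (trust != null) {
            // Certificate trust problem: the case a certificate import can address.
            return "untrusted certificate: " + trust.getMessage();
        }
        // No certificate-related cause (possibly no cause at all): report the
        // original message plus the client's TLS settings for diagnosis.
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
        return "handshake failed (no certificate cause): " + e.getMessage()
                + "\n  enabled client protocols: " + Arrays.toString(enabled)
                + "\n  jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: message copied from the issue, no cause attached.
        SSLException noCause = new SSLHandshakeException(
                "The server selected protocol version TLS10 is not accepted by "
                + "client preferences [TLS13, TLS12]");
        // Constructed sample 2: a trust failure wrapped as the cause.
        SSLException withCause = new SSLHandshakeException("PKIX path building failed");
        withCause.initCause(new CertificateException("unable to find valid certification path"));

        System.out.println(describe(noCause));
        System.out.println(describe(withCause));
    }
}
```

The `jdk.tls.disabledAlgorithms` value printed for the first sample comes from the `java.security` file mentioned above, which is where the JRE lists the TLS versions it refuses to negotiate.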