Recently I am seeing errors such as
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
on Windows.
It maybe that something has changed in AcousticBrainz. or it may be due to the underlying Java base. The Java version supports TLSv1.1,TLSv1.2 are they valid for AcousticBrainz or does it only accept 1.3 ?
It seems to support TLS/1.2 and TLS/1.3 so it should be fine running on java 8 build 161 and above.
See https://www.ssllabs.com/ssltest/analyze.html?d=acousticbrainz.org
Okay thx, I think my problem is connected to https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8227707 or https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8242141
What version of java are you using?
Can you take a look at the java settings control pannel and make sure TLS/1.2 and TLS/1.3 are enabled.
Acousticbrainz uses letsencrypt for thair certificates.
Do you have the setting to use the browser certificates?
Otherwise have you imported thair ca to the global certificate store.
There are java properties that can change how the ssl engine work and do things such as enable particular ciphers.
This is using SongKong (I am not connecting via browser), I am using Java 11, but currently I have 1.3 disabled (using -Dhttps.protocols=TLSv1.1,TLSv1.2) because this caused an issue with communicating with wikipedia when I updated from Java 8 to Java 11.
However at that time I didnt notice an issue with AcousticBrainz which is why I wanted to check if anything has changed. If nothing has changed the issue must be with Java, but I wasn’t aware of an issue with Java using 1.2
So can you clarify if AcousticBrainz supports 1.2 and 1.3 or only 1.3 please.
Hi,
I’m not aware of anything changing on just AcousticBrainz recently. I’ve asked @zas to confirm if there have been any changes to TLS settings on the metabrainz gateways.
Are you seeing this error only on acousticbrainz? As far as I’m aware the configuration for all sites are the same, so you might see similar errors on musicbrainz too if that’s the case. I’ll confirm with you when I know if this is the case or not.
It does support TLS 1.2 and 1.3 (but not <1.2).
Sorry for false alarm, found the issue eventually. I was building a custom java runtime with just the modules required, I already had java.net.http included but turns out I also required jdk.crypto.ec to get the ssl certificates, now working.
thanks for letting us know!