The Jetty Project provided to the Java community support for NPN first (the precursor of ALPN) in Java 7, and then support for ALPN in Java 8.
The ALPN support was implemented by modifying
sun.security.ssl classes, and this required that the modified classes were prepended to the bootclasspath, so the command line would like like this:
java -Xbootclasspath/p:/path/to/alpn-boot-8.1.13.v20181017.jar ...
However, every different OpenJDK version could require a different version of the
alpn-boot jar. ALPN support is there, but cumbersome to use.
Things improved a bit with the Jetty ALPN agent. The agent could detect the Java version and redefine on-the-fly the
sun.security.ssl classes (using the
alpn-boot jars). However, a new OpenJDK version could generate a new
alpn-boot jar, which in turn generates a new agent version, and therefore for every new OpenJDK version applications needed to verify whether the agent version needed to be updated. A bit less cumbersome, but still another hoop to jump through.
OpenJDK ALPN APIs in Java 9
The Jetty Project worked with the OpenJDK project to introduce proper ALPN APIs, and this was introduced in Java 9 with JEP 244.
ALPN APIs backported to Java 8u252
On April 14th 2020, OpenJDK 8u252 released (the Oracle version is named 8u251, and it may be equivalent to 8u252, but there is no source code available to confirm this; we will be referring only to the OpenJDK version in the following sections).
OpenJDK 8u252 contains the ALPN APIs backported from Java 9.
This means that for OpenJDK 8u252 the
alpn-boot jar is no longer necessary, because it’s no longer necessary to modify
sun.security.ssl classes as now the official OpenJDK ALPN APIs can be used instead of the Jetty ALPN APIs.
The Jetty ALPN agent version 2.0.10 does not perform class redefinition if it detects that the OpenJDK version is 8u252 or later. It can still be left in the command line (although we recommend not to), but will do nothing.
Changes for libraries/applications directly using Jetty ALPN APIs
Libraries or applications that are directly using the Jetty ALPN APIs (the
org.eclipse.jetty.alpn.ALPN and related classes) should now be modified to detect whether the backported OpenJDK ALPN APIs are available. If the backported OpenJDK ALPN APIs are available, libraries or applications must use them; otherwise they must fall back to use the Jetty ALPN APIs (like they were doing in the past).
For example, the Jetty project is using the Jetty ALPN APIs in artifact
jetty-alpn-openjdk8-[client|server]. The classes in that Jetty artifact have been changed like described above, starting from Jetty version 9.4.28.v20200408.
Changes for applications indirectly using ALPN
Applications that are using Java 8 and that depend on libraries that provide ALPN support (such as the
jetty-alpn-openjdk8-[client|server] artifact described above) must modify the way they are started.
For an application that is still using an OpenJDK version prior to 8u252, the typical command line requires the
alpn-boot jar in the bootclasspath and a library that uses the Jetty ALPN APIs (here as an example,
jetty-alpn-openjdk8-server) in the classpath:
/opt/openjdk-8u242/bin/java -Xbootclasspath/p:/path/to/alpn-boot-8.1.13.v20181017.jar -classpath jetty-alpn-openjdk8-server-9.4.27.v20200227:...
For the same application that wants to use OpenJDK 8u252 or later, the command line becomes:
/opt/openjdk-8u252/bin/java -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...
That is, the
-Xbootclasspath option must be removed and the library must be upgraded to a version that supports the backported OpenJDK ALPN APIs.
Alternatively, applications can switch to use the Jetty ALPN agent as described below.
Frequently Asked Questions
Was the ALPN APIs backport a good idea?
Yes, because Java vendors are planning to support Java 8 until (at least) 2030 and this would have required to provide
alpn-boot for another 10 years.
Now instead, applications and libraries will be able to use the official OpenJDK ALPN APIs provided by Java for as long as Java 8 is supported.
Can I use OpenJDK 8u252 with an old version of Jetty?
Yes, if your application does not need ALPN (in particular, it does not need artifacts
No, if your application needs ALPN (in particular, it needs artifacts
jetty-alpn-openjdk8-[client|server]). You must upgrade to Jetty 9.4.28.v20200402 or later.
Can I use OpenJDK 8u252 with library X, which depends on the Jetty ALPN APIs?
You must verify that library X has been updated to OpenJDK 8u252.
In practice, library X must detect whether the backported OpenJDK ALPN APIs are available; if so, it must use the backported OpenJDK ALPN APIs; otherwise, it must use the Jetty ALPN APIs.
I don’t know what OpenJDK version my application will be run with!
You need to make a version of your application that works with OpenJDK 8u252 and earlier, see the previous question.
For example, if you depend on Jetty, you need to depend on
jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 or later.
Then you must add the Jetty ALPN agent to the command line, since it supports all Java 8 versions.
/opt/openjdk-8u242/bin/java -javaagent:/path/to/jetty-alpn-agent-2.0.10.jar -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...
/opt/openjdk-8u252/bin/java -javaagent:/path/to/jetty-alpn-agent-2.0.10.jar -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...
The command lines are identical apart the Java version.
In this way, if your application is run with with OpenJDK 8u242 or earlier, the Jetty ALPN agent will apply the
sun.security.ssl class redefinitions, and
jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 will use the Jetty ALPN APIs.
Otherwise your application is run with OpenJDK 8u252 or later, the Jetty ALPN agent will do nothing (no class redefinition is necessary), and the
jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 will use the OpenJDK ALPN APIs.