Introduction

The Jetty Project provided to the Java community support for NPN first (the precursor of ALPN) in Java 7, and then support for ALPN in Java 8.

The ALPN support was implemented by modifying sun.security.ssl classes, and this required that the modified classes were prepended to the bootclasspath, so the command line would like like this:

java -Xbootclasspath/p:/path/to/alpn-boot-8.1.13.v20181017.jar ...

However, every different OpenJDK version could require a different version of the alpn-boot jar. ALPN support is there, but cumbersome to use.

Things improved a bit with the Jetty ALPN agent. The agent could detect the Java version and redefine on-the-fly the sun.security.ssl classes (using the alpn-boot jars). However, a new OpenJDK version could generate a new alpn-boot jar, which in turn generates a new agent version, and therefore for every new OpenJDK version applications needed to verify whether the agent version needed to be updated. A bit less cumbersome, but still another hoop to jump through.

OpenJDK ALPN APIs in Java 9

The Jetty Project worked with the OpenJDK project to introduce proper ALPN APIs, and this was introduced in Java 9 with JEP 244.

ALPN APIs backported to Java 8u252

On April 14th 2020, OpenJDK 8u252 released (the Oracle version is named 8u251, and it may be equivalent to 8u252, but there is no source code available to confirm this; we will be referring only to the OpenJDK version in the following sections).
OpenJDK 8u252 contains the ALPN APIs backported from Java 9.

This means that for OpenJDK 8u252 the alpn-boot jar is no longer necessary, because it’s no longer necessary to modify sun.security.ssl classes as now the official OpenJDK ALPN APIs can be used instead of the Jetty ALPN APIs.

The Jetty ALPN agent version 2.0.10 does not perform class redefinition if it detects that the OpenJDK version is 8u252 or later. It can still be left in the command line (although we recommend not to), but will do nothing.

Changes for libraries/applications directly using Jetty ALPN APIs

Libraries or applications that are directly using the Jetty ALPN APIs (the org.eclipse.jetty.alpn.ALPN and related classes) should now be modified to detect whether the backported OpenJDK ALPN APIs are available. If the backported OpenJDK ALPN APIs are available, libraries or applications must use them; otherwise they must fall back to use the Jetty ALPN APIs (like they were doing in the past).

For example, the Jetty project is using the Jetty ALPN APIs in artifact jetty-alpn-openjdk8-[client|server]. The classes in that Jetty artifact have been changed like described above, starting from Jetty version 9.4.28.v20200408.

Changes for applications indirectly using ALPN

Applications that are using Java 8 and that depend on libraries that provide ALPN support (such as the jetty-alpn-openjdk8-[client|server] artifact described above) must modify the way they are started.

For an application that is still using an OpenJDK version prior to 8u252, the typical command line requires the alpn-boot jar in the bootclasspath and a library that uses the Jetty ALPN APIs (here as an example, jetty-alpn-openjdk8-server) in the classpath:

/opt/openjdk-8u242/bin/java -Xbootclasspath/p:/path/to/alpn-boot-8.1.13.v20181017.jar -classpath jetty-alpn-openjdk8-server-9.4.27.v20200227:...

For the same application that wants to use OpenJDK 8u252 or later, the command line becomes:

/opt/openjdk-8u252/bin/java -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...

That is, the -Xbootclasspath option must be removed and the library must be upgraded to a version that supports the backported OpenJDK ALPN APIs.

Alternatively, applications can switch to use the Jetty ALPN agent as described below.

Frequently Asked Questions

Was the ALPN APIs backport a good idea?

Yes, because Java vendors are planning to support Java 8 until (at least) 2030 and this would have required to provide alpn-boot for another 10 years.

Now instead, applications and libraries will be able to use the official OpenJDK ALPN APIs provided by Java for as long as Java 8 is supported.

Can I use OpenJDK 8u252 with an old version of Jetty?

Yes, if your application does not need ALPN (in particular, it does not need artifacts jetty-alpn-openjdk8-[client|server]).

No, if your application needs ALPN (in particular, it needs artifacts jetty-alpn-openjdk8-[client|server]). You must upgrade to Jetty 9.4.28.v20200402 or later.

Can I use OpenJDK 8u252 with library X, which depends on the Jetty ALPN APIs?

You must verify that library X has been updated to OpenJDK 8u252.

In practice, library X must detect whether the backported OpenJDK ALPN APIs are available; if so, it must use the backported OpenJDK ALPN APIs; otherwise, it must use the Jetty ALPN APIs.

I don’t know what OpenJDK version my application will be run with!

You need to make a version of your application that works with OpenJDK 8u252 and earlier, see the previous question.

For example, if you depend on Jetty, you need to depend on jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 or later.
Then you must add the Jetty ALPN agent to the command line, since it supports all Java 8 versions.

/opt/openjdk-8u242/bin/java -javaagent:/path/to/jetty-alpn-agent-2.0.10.jar -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...
/opt/openjdk-8u252/bin/java -javaagent:/path/to/jetty-alpn-agent-2.0.10.jar -classpath jetty-alpn-openjdk8-server-9.4.28.v20200408:...

The command lines are identical apart the Java version.

In this way, if your application is run with with OpenJDK 8u242 or earlier, the Jetty ALPN agent will apply the sun.security.ssl class redefinitions, and jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 will use the Jetty ALPN APIs.

Otherwise your application is run with OpenJDK 8u252 or later, the Jetty ALPN agent will do nothing (no class redefinition is necessary), and the jetty-alpn-openjdk8-[client|server]-9.4.28.v20200402 will use the OpenJDK ALPN APIs.

Jetty, ALPN & Java 8u252
Tagged on:                 

2 thoughts on “Jetty, ALPN & Java 8u252

  • June 1, 2020 at 7:34 am
    Permalink

    I tested with:
    A)
    java version “9.0.4”
    Java(TM) SE Runtime Environment (build 9.0.4+11)
    Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
    B)
    openjdk version “1.8.0_252”
    OpenJDK Runtime Environment (build 1.8.0_252-b09)
    OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
    My command line:
    java -javaagent:D:\jetty-alpn-agent-2.0.10.jar -jar myapp.jar
    But failed:
    my error message:
    error=null, httpStatusCode=-1, responseBody=’null’, cause=java.io.IOException: unexpected end of stream on okhttp3.Address@6cc8a711

    Bu I tested on the
    openjdk version “1.8.0_242”
    my commandline: java -jar myapp.jar
    it worked fine
    Please help me?

    Reply
  • September 15, 2020 at 4:50 am
    Permalink

    One clarification , we have upgraded to JDK 8u261 and removed boot class path of alpn-boot jar .
    But we are using the jetty eclipse of 9.4.19 version. Whether it is mandatory to upgrade to 9.4.28.

    Reply

Leave a Reply to Abirami Cancel reply

Your email address will not be published. Required fields are marked *