javaspringspring-boothashicorp-vaultspring-cloud-vault-config

Spring Cloud Vault error: nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request


I am trying to use HashiCorp Vault using Spring Cloud Vault on Spring Boot project. I configured my bootstrap.yml file to use app role and secret id to get passwords

bootstrap.yml

spring:
  application:
    name: pres
  cloud:
    vault:
      authentication: APPROLE
      app-role:
        role-id: ${role-id}
        secret-id: ${secret-id}
        role: pres-read
        app-role-path: approle
      uri: https://hostname:8200
      kv:
        enabled: true
        backend: secret
        application-name: pres
  profiles:
    include: dev

During startup I get the following exception

org.springframework.vault.authentication.VaultLoginException: Cannot login using org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://hostname:8200/v1/auth/approle/login": extension (5) should not be presented in certificate_request; nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

I am using spring-cloud-starter-vault-config dependency to access the vault

 <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
            <version> 2.2.2.RELEASE</version>
 </dependency>


Solution

  • Okay. It looks like this is a Java TLS Bug, hoping java team will fix this in Java 11.0.8.

    Update: The issue was fixed in latest Java 11 versions