Upgrade to java 11

[jonnyz32]

Tested with the js client to make sure everything gucci

[SanjulaGanepola]

@ThePrez I assume your good with this change to move to Java 11?

[ThePrez]

We should try to stay at Java 8 since it's a low common denominator that we can rely on being present. Java 11 is not installed on many machines and is also nearing end of support
😔

[jonnyz32]

@ThePrez The reason we want to upgrade to Java 11 is because the TLS version on Java8 will be incompatible with clients running more recent versions of node. See Mapepire-IBMi/mapepire-js#42 (comment). It looks like Java 11 can be easily installed on IBM i 7.3 and up https://www.ibm.com/support/pages/download-installation-and-usage-java-11-ibm-i-os

We also already have customers hitting issues with mapepire-server running on Java8 #79

[worksofliam]

@jonnyz32 dotnet clients have the same TLS issues as Node.js. Newer versions of Java will help for sure, but if we swap Java versions, it will add a new dependency for Mapepire that the client will need to have before they can use it.

@ThePrez Perhaps next major release of Mapepire increases the Java version.

[ThePrez]

Do we have a failing pcap trace to show what the client and server handshakes look like? There's gotta be a way to get our server talking the right proto reliably
https://www.ibm.com/support/pages/how-do-i-change-default-ssltls-protocol-my-java%E2%84%A2-application-will-use

I assume the clients want TLS 1.3?

[jonnyz32]

After more investigation, I found that we can get by using Java 8, but it must be at least version 341 https://www.oracle.com/java/technologies/javase/8u341-relnotes.html#R180_341. This version provides addiotional TLS support which was not had in previous versions. When debugging the TLS handshake, it seems the agreed upon cipher suite using 341 was TLS_AES_256_GCM_SHA384, which is not available in previous versions. When using older java versions, an error is presented that there are no compatible cipher suites

javax.net.ssl|SEVERE|2F|qtp-486436396-47|2024-10-31 10:17:44.248 UTC|Thread.java:1175|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at com.ibm.jsse2.g.a(g.java:38)
        at com.ibm.jsse2.g.a(g.java:16)
        at com.ibm.jsse2.bb.a(bb.java:222)
        at com.ibm.jsse2.bb.a(bb.java:22)
        at com.ibm.jsse2.bb.a(bb.java:88)
        at com.ibm.jsse2.a2$d.a(a2$d.java:43)
        at com.ibm.jsse2.a2$d.produce(a2$d.java:75)
        at com.ibm.jsse2.p.produce(p.java:63)
        at com.ibm.jsse2.G$e.a(G$e.java:73)
        at com.ibm.jsse2.G$b.a(G$b.java:2)
        at com.ibm.jsse2.G$b.consume(G$b.java:15)
        at com.ibm.jsse2.p.consume(p.java:56)
        at com.ibm.jsse2.aa.a(aa.java:142)
        at com.ibm.jsse2.bg$a$b.a(bg$a$b.java:4)
        at com.ibm.jsse2.bg$a$b.run(bg$a$b.java:10)
        at java.security.AccessController.doPrivileged(AccessController.java:774)
        at com.ibm.jsse2.bg$a.run(bg$a.java:22)

I propose we check the java version in the application code, and if java < 1.8.0_341 issue an error saying a java upgrade is required. @worksofliam @ThePrez What do you think?

[jonnyz32]

Closing as we now have a check to ensure java >= 1.8.0_341