Spring Boot 2.1.1: UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending

Question

After updating from Spring Boot 2.1.0.RELEASE to 2.1.1.RELEASE, all HTTPS requests fail with the following error:

2018-12-03 14:23:46,089 PID=21726 LEVEL=ERROR THREAD=https-openssl-nio-443-exec-2 LOGGER=org.apache.tomcat.util.net.NioEndpoint METHOD=log:175 MESSAGE="java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
        at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) ~[na:na]
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135) [na:na]
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [na:na]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.base/java.lang.Thread.run(Thread.java:844) [na:na]
"

Reverting to 2.1.0.RELEASE resolves the issue.

• OS: Ubuntu 18.04.1 LTS
• Java: OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4)
• libtcnative: 1.2.16-1build1

Suspecting this is related to: https://github.com/spring-projects/spring-boot/issues/15261

Explicitly lock dependency to tomcat-embed-core 9.0.12 resolves the issue.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-core</artifactId>
            <version>9.0.12</version>
        </dependency>
    </dependencies>
</dependencyManagement>

Suspect that libtcnative update would also resolve the issue, but current version for Ubuntu LTS is 1.2.16-1build1, thus we consider this a regression in Spring Boot.

https://packages.ubuntu.com/search?keywords=libtcnative-1

Issue resolved with the above listed dependency lock.

Answer 1

This can be fixed by upgrading Tomcat Native. Just remove the existing version, and replace it with the latest one. Download it from Apache into your /tmp folder. Then use this guide to install it in your system.

Answer 2

I cannot add comments, so here's a humble addition to the above answer for a slightly different setup (webapp developed with spring framework running on tomcat 8.5).

When building from tcnative from source and using the tomcat from repos, remember to copy the tcnative library to the /usr/lib64 folder and recreate the symbolic links in that folder.

For me the problem started at the beginning of april 2019 when the tomcat was upgraded from 8.5.32 to 8.5.35, but tomcat native was still at version 1.2.17 and no update was available in the repos. The answer from Andy Wilkinson was the only one that I could find that properly explains the issue and helps.

Answer 3

Spring Boot 2.1.1 upgraded to Tomcat 9.0.13 from 9.0.12. Due to this change, Tomcat 9.0.13 requires a version of Tomcat Native that contains this change. It is available in 1.2.18 and later. The requirement to use a new patch release of Tomcat Native when upgrading to a new patch release of Tomcat is to be expected. Similarly, it is also to be expected that a new patch release of Spring Boot will update to a new patch release of one of its dependencies.

If your OS does not provide an up-to-date Tomcat Native package that you can use, I would recommend building it yourself. Instructions for doing so can be found in Tomcat's documentation. This is preferable to downgrading Tomcat to 9.0.12 as getting stuck on an older version increases your risk of being affected by a bug or security vulnerability in the future.