Spring Boot 2.1.1: UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending

Question

After updating from Spring Boot 2.1.0.RELEASE to 2.1.1.RELEASE, all HTTPS requests fail with the following error:

2018-12-03 14:23:46,089 PID=21726 LEVEL=ERR         


        

Answer 1

I cannot add comments, so here's a humble addition to the above answer for a slightly different setup (webapp developed with spring framework running on tomcat 8.5).

When building from tcnative from source and using the tomcat from repos, remember to copy the tcnative library to the /usr/lib64 folder and recreate the symbolic links in that folder.

For me the problem started at the beginning of april 2019 when the tomcat was upgraded from 8.5.32 to 8.5.35, but tomcat native was still at version 1.2.17 and no update was available in the repos. The answer from Andy Wilkinson was the only one that I could find that properly explains the issue and helps.

Answer 2

Spring Boot 2.1.1 upgraded to Tomcat 9.0.13 from 9.0.12. Due to this change, Tomcat 9.0.13 requires a version of Tomcat Native that contains this change. It is available in 1.2.18 and later. The requirement to use a new patch release of Tomcat Native when upgrading to a new patch release of Tomcat is to be expected. Similarly, it is also to be expected that a new patch release of Spring Boot will update to a new patch release of one of its dependencies.

If your OS does not provide an up-to-date Tomcat Native package that you can use, I would recommend building it yourself. Instructions for doing so can be found in Tomcat's documentation. This is preferable to downgrading Tomcat to 9.0.12 as getting stuck on an older version increases your risk of being affected by a bug or security vulnerability in the future.