SpringBoot io.netty.handler.codec.DecoderException

My spring boot application uses spring-boot-starter-webflux. The application is mainly a background application invoking other services via Webclient and also exposed actuator endpoints. I configured below properties.

server:
  ssl:
    enabled: true
    key-store: classpath:mykeystore.p12
    key-store-password: password

If I access actuator endpoint via curl or browser at the http url, I get below exception.

io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 

I could not find a way to make ssl only or requireSSL for netty. I also use SecurityWebFilterChain to prompt for authentication. But there is no way to enforce SSL there as well.

If the application uses spring-boot-starter-web, I would have received below

Bad Request
This combination of host and port requires TLS.

As I use webclient, I have to use spring-boot-starter-webflux, but if I also use spring-boot-starter-web, then tomcat becomes the default server. My application also uses webclient filter ServerOAuth2AuthorizedClientExchangeFilterFunction which requires ReactiveClientRegistrationRepository and ReactiveOAuth2AuthorizedClientService. But then the application fails to start throwing

Parameter 1 of method webClientBuilder in net.ifao.companion.ccbd.config.WebClientConfig required a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository' that could not be found.
Consider defining a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository' in your configuration.

And in order to create InMemoryReactiveClientRegistrationRepository, I have to build a clientregistration by myself which I want to avoid.

So the question is why is **netty** not stopping the http requests?

Comment From: wilkinsona

Netty is stopping HTTP requests. It's expecting an SSL record and isn't getting one so it sends an empty response. Tomcat behaves slightly differently by responding with a 400. I don't believe it's possible to customise Netty's behaviour here, but if it is that would be a question for the Netty or possibly Reactor Netty teams.

If you have any further questions, please follow up on Stack Overflow or Gitter. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements.