Hello @darrenlewis,
It is indeed quite standard, no third-party plugins here.
Again, as it’s intermittent, you have to focus of what could change in the SSL handshake process. Here are few ideas gathered from what we know about the topic:
- Do you know what version of the TLS protocol is used in your config? Could that change and sometimes be TLS 1.2, some other times 1.3? It will be good to force it so you could potentially narrowdown the issue
- Does your certificate defines a SubjectAlternativeName? It should.
- Could you be affected by JDK-8214060? Then upgrade your JVM.
I hope this will help.