TLSv1.3 is relatively new and shiny, as fundamental web protocols go, and TLS stacks are still working out the bugs.  In my experience:


In both cases the solution was to avoid TLSv1.3 for now, by setting the Java flag:

-Djdk.tls.client.protocols=TLSv1.2

The first bug might also be avoidable by upgrading to Java 11.0.8 or higher. I haven't tested that yet though.

For now, I'm setting that flag in all instances I administer, until TLS servers and clients get their act together.