Bitbucket Server / BSERV-12374

Java 11 TLS 1.3 problems

    Details

      Description

      Issue Summary

      There are currently some issues with TLS 1.3 support in Java 11, including (the JDK ticket is not public):

      JDK-8214418 HttpClient falls in running with 100% cpu usage after an error signalled on channel

      Some examples of how TLS 1.3 issues have manifested in Bitbucket Server (there may be more):

      • BSERV-11796: Failure while importing repositories when running on Java 11
      • BSERV-12180: Code search intermittently stops working with Java 11 JRE
      • BSERV-12131: Webhooks intermittently stop working with Java 11 JRE

      Loosely related (although not directly to Java 11 TLSv1.3 problems):

      • BSERV-11889: Enforce TLS v1.2 for the Bitbucket Mail Server SMTP Protocol

      Steps to Reproduce

      See linked issues for reproduction details

      Expected Results

      All functionality works as expected when running Bitbucket Server on JRE 11

      Actual Results

      HttpClient calls using TLS 1.3 fail intermittently if Bitbucket Server is run using JRE 11

      Workaround

      Universally disable TLS 1.3 support and force use of TLS 1.2 instead by passing the following JVM args (on startup):

      • jdk.tls.disabledAlgorithms=TLSv1.3
      • https.protocols=TLSv1.2

      plus this one specifically for BSERV-11889:

      • mail.crypto.protocols=TLSv1.2
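
Added example, not part of the original issue or of Bitbucket Server's code: a small Java 11 check that, run on the same JRE with the same JVM args as the server, prints the workaround settings as the JVM sees them and reports whether TLSv1.3 is still in the default enabled protocol list. The class name TlsWorkaroundCheck and its method names are hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example; the class name is hypothetical. Run it with the same JVM
// args as the server, on the same JRE, to see what the workaround changed.
public class TlsWorkaroundCheck {

    // Protocols a client gets when it relies on the JVM's default SSLContext.
    // Clients that set their own protocol list are not covered by this check.
    static List<String> defaultClientProtocols() throws Exception {
        return Arrays.asList(
                SSLContext.getDefault().getDefaultSSLParameters().getProtocols());
    }

    // The workaround's goal: TLS 1.2 still enabled, TLS 1.3 no longer enabled.
    static boolean forcesTls12(List<String> protocols) {
        return protocols.contains("TLSv1.2") && !protocols.contains("TLSv1.3");
    }

    public static void main(String[] args) throws Exception {
        // The three settings from the workaround, read as system properties.
        for (String key : List.of("jdk.tls.disabledAlgorithms",
                                  "https.protocols", "mail.crypto.protocols")) {
            System.out.println("-D" + key + " = " + System.getProperty(key));
        }
        // The JDK also defines jdk.tls.disabledAlgorithms as a security
        // property (java.security file); print that value for comparison.
        System.out.println("security property jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        List<String> protocols = defaultClientProtocols();
        System.out.println("default enabled protocols = " + protocols);

        // Exit status 0 only when the default protocol list matches the goal.
        boolean ok = forcesTls12(protocols);
        System.out.println(ok ? "default protocols force TLS 1.2"
                              : "default protocols do not match the workaround's goal");
        System.exit(ok ? 0 : 1);
    }
}
```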

      People

      Assignee: Unassigned
      Reporter: akord Kordinator