When creating AppLinks between FishEye/Crucible and another Atlassian application behind a reverse proxy set up with SNI, the AppLinks won't work properly.
Because the client does not support SNI, it won't be served the right SSL certificate and the connection will failed.
This issue is caused by the commons-httpclient version (3.1) used by FishEye/Crucible, which does not have support for TLS - SNI.
Java version 1.7 or newer (starting from the java version 1.7 TLS 1.1 and 1.2 are disabled by default).
The AppLink can be successfully created.
It is not possible to successfully create an AppLink and the following stack trace can be found in the atlassian-fisheye-YYYY-MM-DD.log
2015-09-01 17:02:29,222 ERROR [http-bio-8085-exec-11] [CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
This ticket is about the link from FishEye/Crucible to another Atlassian application.
The improvement related to the connection from JIRA to FishEye/Crucible (or any other Atlassian applications) is described here
The improvement related to the connection from Bamboo to any other Atlassian applications is described here
As this issue is fixed, please consider upgrading before applying any of the following workarounds.
The following workaround options are alternatives, please choose the best one for your case.
Use a newer commons-httpclient jar version (you need at least version 3.1-atlassian-2) by following these steps:
- Shutdown FishEye/Crucible
- Download this commons-httpclient-3.1-atlassian-2.jar into the machine hosting FishEye/Crucible
- Backup and delete <FISHEYE_DIR>/lib/commons-httpclient-3.1.jar
- Move the file commons-httpclient-3.1-atlassian-2.jar into the directory <FISHEYE_DIR>/lib
- Restart FishEye/Crucible
Add the following Java properties to the FishEye/Crucible JVM properties:
Connect the Atlassian applications bypassing the proxy.
You can find the instructions describing the changes required to your environment, and how to recreate the AppLinks bypassing the proxy here:
How to create an unproxied Application Link