-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.2.6
-
7.02
-
5
-
Severity 3 - Minor
-
0
-
Summary
- When switching JIRA to use TLSv1.2 only from TLSv1.0, application link with Bitbucket breaks.
- No issues with application link between JIRA and Confluence.
Enviroment
Apache2 webserver for the SSL offloading,
Steps to Reproduce
- Switch to TLSv1.2
- Restart both applications
- Recreate application link
Expected Results
Application link with Bitbucket will break
Actual Results
The below exception is thrown in the atassian-jira.log file:
2018-10-12 12:50:14,449 http-nio-8080-exec-33 DEBUG XXXXX 770x2670x1 1vbxfxv 53.208.139.173,127.0.0.1 /rest/dev-status/1.0/issue/summary [c.a.j.p.devstatus.provider.DefaultCoordinator] Request to 'Stash' has failed. Diagnostic info: com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLException: Received fatal alert: protocol_version
at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:108)
at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:131)
at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:58)
at com.atlassian.applinks.oauth.auth.OAuthRequest.execute(OAuthRequest.java:58)
at com.atlassian.jira.plugin.devstatus.provider.source.applink.ApplicationLinkDataProvider$1.executeRequest(ApplicationLinkDataProvider.java:315)
at com.atlassian.jira.plugin.devstatus.provider.source.applink.ApplicationLinkDataProvider$1.execute(ApplicationLinkDataProvider.java:296)
at com.atlassian.jira.plugin.devstatus.provider.source.applink.ApplicationLinkDataProvider$RateLimitedCallable.call(ApplicationLinkDataProvider.java:498)
at com.atlassian.jira.plugin.devstatus.provider.source.applink.ApplicationLinkDataProvider$RateLimitedCallable.call(ApplicationLinkDataProvider.java:480)
at com.atlassian.jira.plugin.devstatus.provider.LoggingDecorator.call(LoggingDecorator.java:56)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:103)
... 12 more
Workaround
- Add -Djdk.tls.client.protocols=TLSv1.2 to to Jira's JVM parameters and restart.
https://confluence.atlassian.com/adminjiraserver/setting-properties-and-options-on-startup-938847831.html - Then re-create the application link