-
Bug
-
Resolution: Fixed
-
Low
-
None
-
1
-
Severity 3 - Minor
-
Summary
NavLink RestCapabilitiesClient doesn't respect environment configuration settings -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 and doesn't fallback to TLSv1 mode. It still tries to connect to Host with Java default (with TLSv1.2 protocol). If remote host supports TLSv1 only, so this leads to javax.net.ssl.SSLException: Received fatal alert: protocol_version error and as a result JIRA is not resolving Stash/other capabilities properly.
Environment
- JIRA with Application links
- Network environment with proxy or SSL offloading.
Steps to Reproduce
- Setup JIRA with Java8
- Configure Stash with SSL configuration TLSv1 only (for example)
- Configure Applink from JIRA to Stash (for example)
- Check Create branch in JIRA Development panel - it will be absent
- Navigate to <Project> > Administration > Development tools. Clicking 'Refresh' should send the capabilities request again.
Expected Results
JIRA will respect environment configuration settings and connect to remote host.
Actual Results
JIRA doesn't respect environment configuration settings and fail to connect to remote host.
The below exception is thrown in the atlassian-jira.log file:
NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197 NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2 NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version NavLink RestCapabilitiesClient:thread-1, called closeSocket() NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out
2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
Notes
JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see diagnosing_tls_ssl_and_https) with configuration tuning:
-Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1
Cause
Caused by: https://ecosystem.atlassian.net/browse/ANL-41
Workaround
We have new version of atlassian-nav-links-plugin 3.3.22 (bundled version is 3.3.21).
- Download atlassian-nav-links-plugin-3.3.22.jar
- Upload atlassian-nav-links-plugin-3.3.22.jar to <JIRA_HOME>/plugins/installed-plugins/
- Restart JIRA
- relates to
-
-
- Closed
-
- is related to
-
ANL-41 Loading...
- mentioned in
-