Summary

      NavLink RestCapabilitiesClient doesn't respect environment configuration settings -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 and doesn't fallback to TLSv1 mode. It still tries to connect to Host with Java default (with TLSv1.2 protocol). If remote host supports TLSv1 only, so this leads to javax.net.ssl.SSLException: Received fatal alert: protocol_version error and as a result JIRA is not resolving Stash/other capabilities properly.

      Environment

      • JIRA with Application links
      • Network environment with proxy or SSL offloading.

      Steps to Reproduce

      1. Setup JIRA with Java8
      2. Configure Stash with SSL configuration TLSv1 only (for example)
      3. Configure Applink from JIRA to Stash (for example)
      4. Check Create branch in JIRA Development panel - it will be absent
      5. Navigate to <Project> > Administration > Development tools. Clicking 'Refresh' should send the capabilities request again.

      Expected Results

      JIRA will respect environment configuration settings and connect to remote host.

      Actual Results

      JIRA doesn't respect environment configuration settings and fail to connect to remote host.
      The below exception is thrown in the atlassian-jira.log file:

      NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197
      NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2
      NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT:  fatal, protocol_version
      NavLink RestCapabilitiesClient:thread-1, called closeSocket()
      NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
      NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called
      NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out
      
      2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous     [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: 
      javax.net.ssl.SSLException: Received fatal alert: protocol_version
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
      	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
      	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
      	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
      	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
      	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
      	at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
      	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
      	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
      	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
      	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
      	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
      	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
      	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
      

      Notes

      JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see diagnosing_tls_ssl_and_https) with configuration tuning:

      -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1
      
      Cause

      Caused by: https://ecosystem.atlassian.net/browse/ANL-41

      Workaround

      We have new version of atlassian-nav-links-plugin 3.3.22 (bundled version is 3.3.21).

      1. Download atlassian-nav-links-plugin-3.3.22.jar
      2. Upload atlassian-nav-links-plugin-3.3.22.jar to <JIRA_HOME>/plugins/installed-plugins/
      3. Restart JIRA

            [JSWSERVER-14914] NavLink RestCapabilitiesClient ignoring system properties

            Renata Dornelas made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 157713 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2855151 ] New: JAC Bug Workflow v3 [ 2935248 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2540139 ] New: JAC Bug Workflow v2 [ 2855151 ]
            Ignat (Inactive) made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1519773 ] New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2540139 ]
            Anton Genkin (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Verified [ 10005 ] New: Resolved [ 5 ]
            Confluence Escalation Bot (Inactive) made changes -
            Support reference count Original: 5 New: 1
            Oswaldo Hernandez (Inactive) made changes -
            Component/s New: Development Panel [ 43313 ]
            Component/s Original: Issue - Development Panel [ 25405 ]
            Fix Version/s New: 7.0.Next [ 53603 ]
            Fix Version/s New: 7.1.4 Server [ 61618 ]
            Fix Version/s Original: 7.1.4 [ 61620 ]
            Fix Version/s Original: 7.0.9 [ 60528 ]
            Key Original: JRA-59406 New: JSW-14914
            Affects Version/s Original: 6.4.12 [ 56100 ]
            Project Original: JIRA (including JIRA Core) [ 10240 ] New: JIRA Software (including JIRA Agile) [ 12200 ]
            Confluence Escalation Bot (Inactive) made changes -
            Labels Original: jira-development-panel pse-request slush New: affects-server jira-development-panel pse-request slush
            Oswaldo Hernandez (Inactive) made changes -
            Labels Original: pse-request slush New: jira-development-panel pse-request slush

              Unassigned Unassigned
              ayakovlev@atlassian.com Andriy Yakovlev [Atlassian]
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: