javax.net.ssl.SSLException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • h3. Summary {{NavLink RestCapabilitiesClient}} doesn't respect environment configuration settings {{-Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1}} and doesn't fallback to *TLSv1* mode. It still tries to connect to Host with Java default (with *TLSv1.2* protocol). If remote host supports *TLSv1* only, so this leads to {{javax.net.ssl.SSLException: Received fatal alert: protocol_version}} error and as a result JIRA is not resolving Stash/other capabilities properly. h3. Environment * JIRA with Application links * Network environment with proxy or SSL offloading. h3. Steps to Reproduce # Setup JIRA with Java8 # Configure Stash with SSL configuration TLSv1 only (for example) # Configure Applink from JIRA to Stash (for example) # Check _Create branch_ in JIRA Development panel - it will be absent # Navigate to *<Project>* > *Administration* > *Development tools*. Clicking 'Refresh' should send the capabilities request again. h3. Expected Results JIRA will respect environment configuration settings and connect to remote host. h3. Actual Results JIRA doesn't respect environment configuration settings and fail to connect to remote host. The below exception is thrown in the atlassian-jira.log file: {noformat} NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197 NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2 NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version NavLink RestCapabilitiesClient:thread-1, called closeSocket() NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out {noformat} {noformat} 2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) {noformat} h3. Notes JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see [diagnosing_tls_ssl_and_https|https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https]) with configuration tuning: {code} -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 {code} h5. Cause Caused by: https://ecosystem.atlassian.net/browse/ANL-41 h3.Workaround We have new version of {{atlassian-nav-links-plugin}} *3.3.22* (bundled version is 3.3.21). # Download [atlassian-nav-links-plugin-3.3.22.jar|https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/plugins/atlassian-nav-links-plugin/3.3.22/atlassian-nav-links-plugin-3.3.22.jar] # Upload {{atlassian-nav-links-plugin-3.3.22.jar}} to <JIRA_HOME>/plugins/installed-plugins/ # Restart JIRA
    via by Andriy Yakovlev [Atlassian],
  • h3. Summary {{NavLink RestCapabilitiesClient}} doesn't respect environment configuration settings {{-Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1}} and doesn't fallback to *TLSv1* mode. It still tries to connect to Host with Java default (with *TLSv1.2* protocol). If remote host supports *TLSv1* only, so this leads to {{javax.net.ssl.SSLException: Received fatal alert: protocol_version}} error and as a result JIRA is not resolving Stash/other capabilities properly. h3. Environment * JIRA with Application links * Network environment with proxy or SSL offloading. h3. Steps to Reproduce # Setup JIRA with Java8 # Configure Stash with SSL configuration TLSv1 only (for example) # Configure Applink from JIRA to Stash (for example) # Check _Create branch_ in JIRA Development panel - it will be absent # Navigate to *<Project>* > *Administration* > *Development tools*. Clicking 'Refresh' should send the capabilities request again. h3. Expected Results JIRA will respect environment configuration settings and connect to remote host. h3. Actual Results JIRA doesn't respect environment configuration settings and fail to connect to remote host. The below exception is thrown in the atlassian-jira.log file: {noformat} NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197 NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2 NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version NavLink RestCapabilitiesClient:thread-1, called closeSocket() NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out {noformat} {noformat} 2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) {noformat} h3. Notes JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see [diagnosing_tls_ssl_and_https|https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https]) with configuration tuning: {code} -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 {code} h5. Cause Caused by: https://ecosystem.atlassian.net/browse/ANL-41 h3.Workaround We have new version of {{atlassian-nav-links-plugin}} *3.3.22* (bundled version is 3.3.21). # Download [atlassian-nav-links-plugin-3.3.22.jar|https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/plugins/atlassian-nav-links-plugin/3.3.22/atlassian-nav-links-plugin-3.3.22.jar] # Upload {{atlassian-nav-links-plugin-3.3.22.jar}} to <JIRA_HOME>/plugins/installed-plugins/ # Restart JIRA
    via by Andriy Yakovlev [Atlassian],
  • Can&#39;t catch SSLException - Java
    via Stack Overflow by yasuo
    ,
  • Java applet not loading on Java8/HTTPS
    via Stack Overflow by Jokkeri
    ,
  • JAVA 7上からTLSv1.2接続について - QA@IT
    via by Unknown author,
    • javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)

    Users with the same issue

    Unknown visitor1 times, last one,
    Unknown visitor3 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    126 more bugmates