javax.net.ssl.SSLException: Received fatal alert: protocol_version

Atlassian JIRA | Andriy Yakovlev [Atlassian] | 11 months ago
  1. 0

    Development Panel missing and Workflow triggers not working - Atlassian Documentation

    atlassian.com | 7 months ago
    javax.net.ssl.SSLException: Received fatal alert: protocol_version
  2. 0

    h3. Summary {{NavLink RestCapabilitiesClient}} doesn't respect environment configuration settings {{-Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1}} and doesn't fallback to *TLSv1* mode. It still tries to connect to Host with Java default (with *TLSv1.2* protocol). If remote host supports *TLSv1* only, so this leads to {{javax.net.ssl.SSLException: Received fatal alert: protocol_version}} error and as a result JIRA is not resolving Stash/other capabilities properly. h3. Environment * JIRA with Application links * Network environment with proxy or SSL offloading. h3. Steps to Reproduce # Setup JIRA with Java8 # Configure Stash with SSL configuration TLSv1 only (for example) # Configure Applink from JIRA to Stash (for example) # Check _Create branch_ in JIRA Development panel - it will be absent # Navigate to *<Project>* > *Administration* > *Development tools*. Clicking 'Refresh' should send the capabilities request again. h3. Expected Results JIRA will respect environment configuration settings and connect to remote host. h3. Actual Results JIRA doesn't respect environment configuration settings and fail to connect to remote host. The below exception is thrown in the atlassian-jira.log file: {noformat} NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197 NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2 NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version NavLink RestCapabilitiesClient:thread-1, called closeSocket() NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out {noformat} {noformat} 2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) {noformat} h3. Notes JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see [diagnosing_tls_ssl_and_https|https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https]) with configuration tuning: {code} -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 {code} h5. Cause Caused by: https://ecosystem.atlassian.net/browse/ANL-41 h3.Workaround We have new version of {{atlassian-nav-links-plugin}} *3.3.22* (bundled version is 3.3.21). # Download [atlassian-nav-links-plugin-3.3.22.jar|https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/plugins/atlassian-nav-links-plugin/3.3.22/atlassian-nav-links-plugin-3.3.22.jar] # Upload {{atlassian-nav-links-plugin-3.3.22.jar}} to <JIRA_HOME>/plugins/installed-plugins/ # Restart JIRA

    Atlassian JIRA | 11 months ago | Andriy Yakovlev [Atlassian]
    javax.net.ssl.SSLException: Received fatal alert: protocol_version
  3. 0

    h3. Summary {{NavLink RestCapabilitiesClient}} doesn't respect environment configuration settings {{-Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1}} and doesn't fallback to *TLSv1* mode. It still tries to connect to Host with Java default (with *TLSv1.2* protocol). If remote host supports *TLSv1* only, so this leads to {{javax.net.ssl.SSLException: Received fatal alert: protocol_version}} error and as a result JIRA is not resolving Stash/other capabilities properly. h3. Environment * JIRA with Application links * Network environment with proxy or SSL offloading. h3. Steps to Reproduce # Setup JIRA with Java8 # Configure Stash with SSL configuration TLSv1 only (for example) # Configure Applink from JIRA to Stash (for example) # Check _Create branch_ in JIRA Development panel - it will be absent # Navigate to *<Project>* > *Administration* > *Development tools*. Clicking 'Refresh' should send the capabilities request again. h3. Expected Results JIRA will respect environment configuration settings and connect to remote host. h3. Actual Results JIRA doesn't respect environment configuration settings and fail to connect to remote host. The below exception is thrown in the atlassian-jira.log file: {noformat} NavLink RestCapabilitiesClient:thread-1, WRITE: TLSv1.2 Handshake, length = 197 NavLink RestCapabilitiesClient:thread-1, READ: SSLv3 Alert, length = 2 NavLink RestCapabilitiesClient:thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version NavLink RestCapabilitiesClient:thread-1, called closeSocket() NavLink RestCapabilitiesClient:thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version NavLink RestCapabilitiesClient:thread-1, setSoTimeout(1) called NavLink RestCapabilitiesClient:thread-1, handling exception: java.net.SocketTimeoutException: Read timed out {noformat} {noformat} 2015-11-25 11:12:28,833 NavLink RestCapabilitiesClient:thread-1 DEBUG anonymous [menu.client.capabilities.RestCapabilitiesClient] Stacktrace: javax.net.ssl.SSLException: Received fatal alert: protocol_version at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) {noformat} h3. Notes JIRA 6.4.12 running on Java8 (TLSv1.2 is default for this version: see [diagnosing_tls_ssl_and_https|https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https]) with configuration tuning: {code} -Dhttps.protocols=TLSv1 -Djdk.tls.client.protocols=TLSv1 {code} h5. Cause Caused by: https://ecosystem.atlassian.net/browse/ANL-41 h3.Workaround We have new version of {{atlassian-nav-links-plugin}} *3.3.22* (bundled version is 3.3.21). # Download [atlassian-nav-links-plugin-3.3.22.jar|https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/plugins/atlassian-nav-links-plugin/3.3.22/atlassian-nav-links-plugin-3.3.22.jar] # Upload {{atlassian-nav-links-plugin-3.3.22.jar}} to <JIRA_HOME>/plugins/installed-plugins/ # Restart JIRA

    Atlassian JIRA | 11 months ago | Andriy Yakovlev [Atlassian]
    javax.net.ssl.SSLException: Received fatal alert: protocol_version
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Can't catch SSLException - Java

    Stack Overflow | 12 months ago | yasuo
    javax.net.ssl.SSLException: Received fatal alert: protocol_version
  6. 0

    Apache httpclient: get "Received fatal alert: protocol_version" sometimes

    Stack Overflow | 10 months ago | Michael
    javax.net.ssl.SSLException: Received fatal alert: protocol_version

  1. AndrewProg 4 times, last 3 months ago
  2. kid 3 times, last 3 months ago
  3. mortalman7 1 times, last 4 months ago
  4. balintn 1 times, last 8 months ago
74 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. javax.net.ssl.SSLException

    Received fatal alert: protocol_version

    at sun.security.ssl.Alerts.getSSLException()
  2. Java JSSE
    SSLSocketImpl.startHandshake
    1. sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    2. sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    3. sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    4. sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    5. sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    6. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    7. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    7 frames
  3. Apache HttpClient
    InternalHttpClient.doExecute
    1. org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
    2. org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
    3. org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
    4. org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
    5. org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
    6. org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    7. org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    8. org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
    9. org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    10. org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    10 frames