SVN checkout task failed with error "svn: E175002: SSL handshake failed"
プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。
When running a SVN checkout task in your Bamboo plan, this fails with error
svn: E175002: SSL handshake failed
Java8u291 or higher
- Run a SVN checkout task from Bamboo to your SVN server which is configured to accept TLS 1.0 or TLS 1.1 connections.
- After you run your plan, your build will fail with the following error message:
svn: E175002: SSL handshake failed.
In addition, he following message is shown on the stack trace generated by the error:
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
Since Java version 8 update 291 or higher TLS 1.0 and TLS 1.1 have been disabled by default. See a snippet from the Java 8 update 291 release notes:
Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.
Due to this change, and if your SVN server is not configured to accept TLS 1.2 or TLS 1.3 connections the checkout task will fail due to the disparity on the encryption algorithms between client and server.
In order to resolve this issue choose any of these three options:
- Recommended solution: Enable TLS 1.2 or TLS 1.3 on your SVN server.
- Downgrade your Java on your Bamboo agents (or Bamboo server if you run local agents) to any version prior to Java8u291
- Modify your
java.securityfile which is normally located under the directory
/jre/lib/securityon your Java installation directory. On that file, find the line that contains
TLSv1.1from the list of disabled algorithms.
After running these steps restart your agents (or your Bamboo server if you run local agents) so that they pick up the changes.
WARNING: please be aware that using an older Java version or enabling manually TLS 1.0 and TLS 1.1 pose a security risk to your application which may have severe implications. There are reasons why those protocols were disabled and hence our recommended solution is to use TLS 1.2 or TLS 1.3 on your SVN server.