SVN checkout task failed with error "svn: E175002: SSL handshake failed"
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
When running a SVN checkout task in your Bamboo plan, this fails with error svn: E175002: SSL handshake failed
環境
Java8u291 or higher
診断
- Run a SVN checkout task from Bamboo to your SVN server which is configured to accept TLS 1.0 or TLS 1.1 connections.
- After you run your plan, your build will fail with the following error message:
svn: E175002: SSL handshake failed.
In addition, he following message is shown on the stack trace generated by the error:
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
原因
Since Java version 8 update 291 or higher TLS 1.0 and TLS 1.1 have been disabled by default. See a snippet from the Java 8 update 291 release notes:
security-libs/javax.net.ssl
Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.
Due to this change, and if your SVN server is not configured to accept TLS 1.2 or TLS 1.3 connections the checkout task will fail due to the disparity on the encryption algorithms between client and server.
ソリューション
In order to resolve this issue choose any of these three options:
- Recommended solution: Enable TLS 1.2 or TLS 1.3 on your SVN server.
- Downgrade your Java on your Bamboo agents (or Bamboo server if you run local agents) to any version prior to Java8u291
- Modify your
java.security
file which is normally located under the directory/jre/lib/security
on your Java installation directory. On that file, find the line that containsjdk.tls.disabledAlgorithms
and deleteTLSv1
andTLSv1.1
from the list of disabled algorithms.
After running these steps restart your agents (or your Bamboo server if you run local agents) so that they pick up the changes.
WARNING: please be aware that using an older Java version or enabling manually TLS 1.0 and TLS 1.1 pose a security risk to your application which may have severe implications. There are reasons why those protocols were disabled and hence our recommended solution is to use TLS 1.2 or TLS 1.3 on your SVN server.