SVN checkout task failed with error "svn: E175002: SSL handshake failed"

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問


プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

要約

When running a SVN checkout task in your Bamboo plan, this fails with error svn: E175002: SSL handshake failed

環境

Java8u291 or higher

診断

  1. Run a SVN checkout task from Bamboo to your SVN server which is configured to accept TLS 1.0 or TLS 1.1 connections. 
  2. After you run your plan, your build will fail with the following error message: svn: E175002: SSL handshake failed.
  3. In addition, he following message is shown on the stack trace generated by the error:

    Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

原因

Since Java version 8 update 291 or higher TLS 1.0 and TLS 1.1 have been disabled by default. See a snippet from the Java 8 update 291 release notes:

security-libs/javax.net.ssl
Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.

Due to this change, and if your SVN server is not configured to accept TLS 1.2 or TLS 1.3 connections the checkout task will fail due to the disparity on the encryption algorithms between client and server.

ソリューション

In order to resolve this issue choose any of these three options:

  • Recommended solution: Enable TLS 1.2 or TLS 1.3 on your SVN server.
  • Downgrade your Java on your Bamboo agents (or Bamboo server if you run local agents) to any version prior to Java8u291
  • Modify your java.security file which is normally located under the directory /jre/lib/security on your Java installation directory. On that file, find the line that contains jdk.tls.disabledAlgorithms and delete TLSv1 and TLSv1.1 from the list of disabled algorithms.

After running these steps restart your agents (or your Bamboo server if you run local agents) so that they pick up the changes.

WARNING: please be aware that using an older Java version or enabling manually TLS 1.0 and TLS 1.1 pose a security risk to your application which may have severe implications. There are reasons why those protocols were disabled and hence our recommended solution is to use TLS 1.2 or TLS 1.3 on your SVN server.

最終更新日 2021 年 7 月 19 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.