Unable to Upload Attachments after Enabling SSL

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

In Confluence, you can't upload attachments after enabling SSL. We see an error in the UI.

診断

環境

Confluence is hosted in Solaris Operating System.

 

診断ステップ

Looking into atlassian-confluence.log, we can see the following errors:

2017-03-09 17:07:56,871 ERROR [http-nio-8444-exec-3] [confluence.plugins.dragdrop.UploadAction] execute Failed to save file.
-- referer: https://<obfuscated-url> | url: /plugins/drag-and-drop/upload.action | userName: justin | action: upload
java.security.ProviderException: Could not determine buffer size
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2460)
at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 12272 bytes long
at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:261)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828)

原因

The root cause of this issue lies in the Oracle Ucrypto JCE Provider that is unable to handle the buffer size of the requests over SSL on Solaris.

ソリューション

Edit the $JAVA_HOME/jre/lib/security/java.security file and comment the uncrypto provider:

  • Before editing:
security.provider.1=com.oracle.security.ucrypto.UcryptoProvider $
{java.home}/lib/security/ucrypto-solaris.cfg
security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}
/lib/security/sunpkcs11-solaris.cfg
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.11=sun.security.smartcardio.SunPCSC

 

  • After editing:
#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider $
{java.home}/lib/security/ucrypto-solaris.cfg
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}
/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC

(warning) Please notice that the providers must be reordered after removing the first one.

 

After this change, restart Confluence and you should be able to upload attachments.

 

Last modified on Mar 14, 2017

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.