Unable to Upload Attachments after Enabling SSL
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
In Confluence, you can't upload attachments after enabling SSL. We see an error in the UI.
Diagnosis
Environment
Confluence is hosted in Solaris Operating System.
Diagnostic Steps
Looking into atlassian-confluence.log, we can see the following errors:
1
2
3
4
5
6
7
8
9
10
11
12
2017-03-09 17:07:56,871 ERROR [http-nio-8444-exec-3] [confluence.plugins.dragdrop.UploadAction] execute Failed to save file.
-- referer: https://<obfuscated-url> | url: /plugins/drag-and-drop/upload.action | userName: justin | action: upload
java.security.ProviderException: Could not determine buffer size
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2460)
at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)1
2
3
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 12272 bytes long
at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:261)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828)Cause
The root cause of this issue lies in the Oracle Ucrypto JCE Provider that is unable to handle the buffer size of the requests over SSL on Solaris.
Solution
Resolution
Edit the $JAVA_HOME/jre/lib/security/java.security file and comment the ucrypto provider:
Before editing:
1
2
3
4
5
6
7
8
9
10
11
12
13
security.provider.1=com.oracle.security.ucrypto.UcryptoProvider $
{java.home}/lib/security/ucrypto-solaris.cfg
security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}
/lib/security/sunpkcs11-solaris.cfg
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.11=sun.security.smartcardio.SunPCSCAfter editing:
1
2
3
4
5
6
7
8
9
10
11
12
13
#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider $
{java.home}/lib/security/ucrypto-solaris.cfg
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}
/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC⚠️ Please notice that the providers must be reordered after removing the first one.
After this change, restart Confluence and you should be able to upload attachments.
Was this helpful?