SSLHandshakeException - Received fatal alert - handshake_failure
The content on this page relates to platforms which are supported, however are out of scope of our Atlassian Support Offerings. Consequently, Atlassian cannot guarantee support. Please be aware that this material is provided for your information only and you may use it at your own risk.
Attempt to connect to a repository over HTTPS fails with the following entry in
2015-10-12 00:06:42,005 WARN [InitPing3 repo ] fisheye BaseRepositoryScanner-handleSlurpException - Problem processing revisions from repo Nanotick due to class com.cenqua.fisheye.config.ConfigException - Could not access https://server.company.com/repo/ : org.apache.subversion.javahl.ClientException: svn: E175002: SSL handshake failed: 'Received fatal alert: handshake_failure' com.cenqua.fisheye.config.ConfigException: Could not access https://server.company.com/repo/ : org.apache.subversion.javahl.ClientException: svn: E175002: SSL handshake failed: 'Received fatal alert: handshake_failure' at com.cenqua.fisheye.svn.SvnRepositoryTester.pingAndValidateAccess(SvnRepositoryTester.java:159) ... Caused by: com.cenqua.fisheye.rep.RepositoryClientException: org.apache.subversion.javahl.ClientException: svn: E175002: SSL handshake failed: 'Received fatal alert: handshake_failure' at com.cenqua.fisheye.svn.SvnThrottledClient.executeNoThrottle(SvnThrottledClient.java:186) ... Caused by: org.apache.subversion.javahl.ClientException: svn: E175002: SSL handshake failed: 'Received fatal alert: handshake_failure' at org.apache.subversion.javahl.ClientException.fromException(ClientException.java:68) ... Caused by: org.tmatesoft.svn.core.SVNException: svn: E175002: SSL handshake failed: 'Received fatal alert: handshake_failure' at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) ... Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
This message has multiple causes which are described below.
The CA's intermediate certificates are not imported into Fisheye's keystore. For example: https://support.globalsign.com/customer/portal/articles/1211591-trusted-root-intermediate-certificates (GlobalSign), or this: https://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4-x5-x6-x7-x (for GoDaddy, refer to the section under "Installing Your SSL in Tomcat").
If you're running Java 1.8.0_51+ this can be caused by certain ciphers being disabled. Specifically, in update 51, RC4 support was disabled. If the server you're connecting to still has RC4 enabled, Java will no longer connect to it. More information can be found in the release notes.
If you're running the application with an OpenJDK it's possible that it doesn't have the required cipher suites.
Downgrade to Java 1.8.0_45 where RC4 is still enabled.
Follow your CA's instructions to import the intermediate certs into Fisheye's keystore. You may need to contact your CA's support for further assistance, as this is beyond the scope of Atlassian Support.
Update the remote servers configuration so that the RC4 cipher is not longer allowed to used.
Install an Oracle JDK, import the target application's certificate into its truststore, then restart Fisheye, making sure it's using the new JDK.