JIRA's Tomcat SSL Connector fails to start with SSLContext not available
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
Following Running JIRA applications over SSL or HTTPS to configure JIRA with a Tomcat SSL Connector, the Connector fails to start. This error is found in Tomcat logs:
18-Oct-2017 15:27:42.923 SEVERE [main] org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[HTTP/1.1-9750]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-9750]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:791)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.startup.Catalina.start(Catalina.java:655)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:355)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:495)
Caused by: org.apache.catalina.LifecycleException: service.getName(): "Catalina"; Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:976)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 11 more
Caused by: java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: TLSv1.2,TLSv1.3 SSLContext not available
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:874)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:590)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:969)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: TLSv1.2,TLSv1.3 SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at org.apache.tomcat.util.net.jsse.JSSESSLContext.<init>(JSSESSLContext.java:37)
at org.apache.tomcat.util.net.jsse.JSSEUtil.createSSLContext(JSSEUtil.java:167)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
... 17 more診断
Environment: JIRA 7.5.x bundled with Tomcat 8.5.6 and JRE 1.8.0_102.
There are 2 Connectors in server.xml like this:
- The non-SSL connector (port 8750) is started normally
- The SSL connector (port 9750) fails to start
<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
port="8750" protocol="HTTP/1.1" redirectPort="9750"/>
<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="keystore/tomcat.jks" keystorePass="password" keystoreType="JKS"
port="9750" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3" sslProtocol="TLSv1.2,TLSv1.3" SSLEnabled="true" clientAuth="false"/>原因
sslProtocol only supports a single value e.g. TLS. Configuring it with multiple values causes the problem.
JRASERVER-66168 - Documentation regarding configuring SSL uses wrong attribute in example config has been raised to address this Documentation issue.
ソリューション
Remove sslProtocol and only use sslEnabledProtocols:
<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="keystore/tomcat.jks" keystorePass="password" keystoreType="JKS"
port="9750" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3" SSLEnabled="true" clientAuth="false"/>
最終更新日: 2025 年 1 月 28 日
Powered by Confluence and Scroll Viewport.