Jira server unable to connect to external applications running older Java versions using SSL


Platform notice: Server and Data Center only. This article applies only to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When Jira tries to connect to another application over SSL (e.g. Incoming Mail), the connection fails.

The following appears in atlassian-jira-incoming-mail.log or atlassian-jira.log:

2015-11-20 10:02:00,340 WARN [xxxxx] yyyyyy anonymous    TEST TEST[10101]: javax.mail.MessagingException: Received fatal alert: handshake_failure while connecting to host 'xxxxx.example.net' as user 'ABCDE' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Diagnosis

  • You have already confirmed that all relevant certificates have been added to the truststore
  • The problem started after migrating or upgrading JIRA (more specifically, Java)

Cause

If you're running Java 1.8.0_51+ this can be caused by certain ciphers being disabled. Specifically, in update 51, RC4 support was disabled. If the server you're connecting to still has RC4 enabled, Java will no longer connect to it. More information can be found in the release notes.
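
To confirm this cause from the Jira host, the following added example (not part of the original article or Atlassian's code; the class name Rc4HandshakeCheck is hypothetical) reports whether the running JVM's jdk.tls.disabledAlgorithms policy blocks RC4 and, when given a host and port, attempts the same kind of TLS handshake Jira makes. Run it with the same Java installation that runs Jira.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not Atlassian code. The class name is hypothetical.
public class Rc4HandshakeCheck {

    // True if this JVM's TLS policy (jdk.tls.disabledAlgorithms) lists RC4.
    static boolean rc4DisabledByPolicy() {
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (disabled == null) return false;
        return Arrays.stream(disabled.split(","))
                .map(String::trim)
                .anyMatch(a -> a.toUpperCase().startsWith("RC4"));
    }

    // Count of RC4 cipher suites in this JVM's default enabled list.
    static long rc4SuitesEnabledByDefault() throws Exception {
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        return Arrays.stream(enabled).filter(s -> s.contains("_RC4_")).count();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version           : " + System.getProperty("java.version"));
        System.out.println("RC4 disabled by policy : " + rc4DisabledByPolicy());
        System.out.println("RC4 suites enabled     : " + rc4SuitesEnabledByDefault());
        if (args.length < 2) {
            // Without a target, only the local JVM configuration is reported.
            System.out.println("usage: java Rc4HandshakeCheck <host> <port>  (IMAPS is usually 993)");
            return;
        }
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.setSoTimeout(10_000);
            socket.startHandshake();
            System.out.println("handshake OK           : " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } catch (SSLHandshakeException e) {
            // Same class of failure Jira logs. With RC4 blocked locally, a
            // handshake_failure alert points at a server offering only suites this JVM refuses.
            System.out.println("handshake FAILED       : " + e.getMessage());
        }
    }
}
```

A successful handshake after the remote server has been reconfigured prints the negotiated protocol and cipher suite, which should not contain RC4.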

Workaround

This workaround involves downgrading to a version of Java that allows weak ciphers, which is considered a significant security risk. The RC4 cipher has been deprecated, which is why this error occurs.

Downgrade to Java 1.8.0_45 where RC4 is still enabled.

Solution

Update the remote server's configuration so that the RC4 cipher is no longer allowed to be used. https://mozilla.github.io/server-side-tls/ssl-config-generator/ is an excellent resource for identifying the appropriate configuration to use.

Last updated: September 25, 2019
