Jira server unable to connect to external applications running older Java versions using SSL
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
When trying to connect to another application over SSL (eg. Incoming Mail), it will fail.
The following appears in
2015-11-20 10:02:00,340 WARN [xxxxx] yyyyyy anonymous TEST TEST: javax.mail.MessagingException: Received fatal alert: handshake_failure while connecting to host 'xxxxx.example.net' as user 'ABCDE' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- Have already confirmed that all relevant certificates are added to the truststore
- Problem happened since migrating or upgrading JIRA (more specifically Java)
If you're running Java 1.8.0_51+ this can be caused by certain ciphers being disabled. Specifically, in update 51, RC4 support was disabled. If the server you're connecting to still has RC4 enabled, Java will no longer connect to it. More information can be found in the release notes.
This workaround involves downgrading to a version of Java that allows weak ciphers, this is considered a significant security risk. The RC4 cipher has been deprecated which is why this error occurs.
Downgrade to Java 1.8.0_45 where RC4 is still enabled.
Update the remote servers configuration so that the RC4 cipher is not longer allowed to used. https://mozilla.github.io/server-side-tls/ssl-config-generator/ is an excellent resource for identifying the appropriate configuration to use.