Jira server unable to connect to external applications running older Java versions using SSL

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

 

 

問題

When trying to connect to another application over SSL (eg. Incoming Mail), it will fail.

The following appears in atlassian-jira-incoming-mail.log or atlassian-jira.log

2015-11-20 10:02:00,340 WARN [xxxxx] yyyyyy anonymous    TEST TEST[10101]: javax.mail.MessagingException: Received fatal alert: handshake_failure while connecting to host 'xxxxx.example.net' as user 'ABCDE' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

診断

  • Have already confirmed that all relevant certificates are added to the truststore
  • Problem happened since migrating or upgrading JIRA (more specifically Java)

原因

If you're running Java 1.8.0_51+ this can be caused by certain ciphers being disabled. Specifically, in update 51, RC4 support was disabled. If the server you're connecting to still has RC4 enabled, Java will no longer connect to it. More information can be found in the release notes.

回避策

This workaround involves downgrading to a version of Java that allows weak ciphers, this is considered a significant security risk. The RC4 cipher has been deprecated which is why this error occurs.

Downgrade to Java 1.8.0_45 where RC4 is still enabled.

ソリューション

Update the remote servers configuration so that the RC4 cipher is not longer allowed to used. https://mozilla.github.io/server-side-tls/ssl-config-generator/ is an excellent resource for identifying the appropriate configuration to use.

最終更新日 2019 年 9 月 25 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.