Knowledge Base
Page tree

Versions Compared

Old Version 3

changes.mady.by.user Anonymous

Saved on

compared with

New Version 4

changes.mady.by.user Eugene Sokhransky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{workflow-include}
{panel}This article applies to: *Deskzilla 1.x-2.x, JIRA Client 1.x-2.x*, and connecting to Bugzilla and JIRA servers via https://... connections.
For clarity, this article is written about JIRA Client and JIRA, but it applies to Deskzilla / Bugzilla as well.{panel}

h3. Problem

When trying to establish a connection to a server with HTTPS-based URL, JIRA Client reports the following problem:{code}Received fatal alert: bad_record_mac{code}

*Check* if the server allows only SSL v3 as the protocol for HTTPS connection. 

The problem is caused by issues with Sun Java security package ([#4815023|http://bugs.sun.com/view_bug.do?bug_id=4815023]), which makes the client (JIRA Client) try TLS even if it's not supported on the server. This results in aborted connection.

h3. Solution

The workaround is to enable only SSLv3 on the client. This can be done by setting "https.protocols" system property to "SSLv3", and also turning on "force.http.jre.executor" system property.

h5. On Windows

Find "JIRA Client" start menu item (or other shortcut that you use to launch JIRA Client), _Right-Click_ on it and select _Properties_. The _Shortcut_ tab will appear, with the _Target_ field containing something like _"C:\Program Files\JIRA Client\bin\jiraclient.exe"_. 

Click on the Target field and modify it so it says {code}"C:\Program Files\JIRA Client\bin\jiraclient.exe" -J-Dhttps.protocols=SSLv3 -J-Dforce.http.jre.executor=true{code}

Use copy&paste from this article to avoid typos. 

{tip}Note the quotes in this example. Don't put additional parameters inside the quotes around the .exe file path.{tip}

h5. On Linux

Modify "jiraclient.sh" script. Find line that says _JAVA_OPTIONS="-Xmx600m -Duse.metal=true"_. Modify it so it says
{code}
JAVA_OPTIONS="-Xmx600m -Duse.metal=true -Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"
{code}

Note the quotes are around all the line. Use full path to specify the location of jiraclient.jks.

h5. On Mac

Right-click on JIRA Client application and select _Show Package Contents_. Open _Contents_ folder. Double-click on the _Info.plist_ file. Plist editor should start. Open _Java_ section, then _Properties_ subsection. Use "+" button to add the following properties:
||Name||Value||
|force.http.jre.executor|true|
|https.protocols|SSLv3|

{panel:title=For self-signed server certificates}If the server uses a self-signed certificate (or a certificate signed by an unknown CA), you will need to explicitly import server's certificate into the Java's trust keystore. (See [instructions|Connecting to a Bugzilla, JIRA server with a self-signed SSL certificate].) By default, the trust keystore is called _cacerts_ and it resides in C:\Program Files\JIRA Client\jre\lib\security\cacerts. With the same method you used for setting the three properties described above, it's possible to specify a different location for cacerts: you need to set _javax.net.ssl.trustStore_ property to _</path/to/your/cacerts>_, and, if the password is not default (_changeit_), set _javax.net.ssl.trustStorePassword_ property.
{panel}