Page History

Problem

When trying to establish a connection to a server with HTTPS-based URL, JIRA Client reports the following problem:

Received fatal alert: bad_record_mac{code}

*Check* if the server allows only SSL v3 as the protocol for HTTPS connection. 

The problem is caused by issues with Sun Java security package ([#4815023|http://bugs.sun.com/view_bug.do?bug_id=4815023]), which makes the client (JIRA Client) try TLS even if it's not supported on the server. This results in aborted connection.

h3. Solution

The workaround is to enable only SSLv3 on the client. This can be done by setting "https.protocols" system property to "SSLv3", and also turning on 

Check if the server allows only SSL v3 as the protocol for HTTPS connection.

The problem is caused by issues with Sun Java security package (#4815023), which makes the client (JIRA Client) try TLS even if it's not supported on the server. This results in aborted connection.

Solution

The workaround is to enable only SSLv3 on the client. This can be done by setting "https.protocols" system property to "SSLv3", and also turning on "force.http.jre.executor"

...

system

...

property.

...

On

...

Windows

...

Find

...

"JIRA

...

Client"

...

start

...

menu

...

item

...

(or

...

other

...

shortcut

...

that

...

you

...

use

...

to

...

launch

...

JIRA

...

Client),

...

Right-Click

...

on

...

it

...

and

...

select

...

Properties

...

.

...

The

...

Shortcut

...

tab

...

will

...

appear,

...

with

...

the

...

Target

...

field

...

containing

...

something

...

like

...

"C:\Program

...

Files\JIRA

...

Client\bin\jiraclient.exe"

...

.

...

Click

...

on

...

the

...

Target

...

field

...

and

...

modify

...

it

...

so

...

it

...

says

...

}

Code Block
"C:\Program Files\JIRA Client\bin\jiraclient.exe" -J-Dhttps.protocols=SSLv3 -J-Dforce.http.jre.executor=true{code}

Use

...

copy&paste

...

from

...

this

...

article

...

to

...

avoid

...

typos.

...

Tip
Note the quotes in this example. Don't put additional parameters inside the quotes around the .exe file path. {tip} h5. On Linux Modify

On Linux

Modify "jiraclient.sh"

...

script.

...

Find

...

line

...

that

...

says

...

JAVA_OPTIONS="-Xmx600m

...

-Duse.metal=true"

...

.

...

Modify

...

it

...

so

...

it

...

says

...

JAVA_OPTIONS="-Xmx600m -Duse.metal=true -Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"
{code}

Note

...

the

...

quotes

...

are

...

around

...

all

...

the

...

line.

...

Use

...

full

...

path

...

to

...

specify

...

the

...

location

...

of

...

jiraclient.jks.

...

On

...

Mac

...

Right-click

...

on

...

JIRA

...

Client

...

application

...

and

...

select

...

Show

...

Package

...

Contents

...

.

...

Open

...

Contents

...

folder.

...

Double-click

...

on

...

the

...

Info.plist

...

file.

...

Plist

...

editor

...

should

...

start.

...

Open

...

Java

...

section,

...

then

...

Properties

...

subsection.

...

Use

...

"+"

...

button

...

to

...

add

...

the

...

following

...

properties:

...

Name	Value
force.http.jre.executor

...

true

...

https.protocols

...

SSLv3

}

Panel
title For self-signed	server	certificates
If the server uses a self-signed certificate (or a certificate signed by an unknown CA), you will need to explicitly import server's certificate into the Java's trust keystore. (See [ instructions |Connecting to a Bugzilla, JIRA server with a self-signed SSL certificate] .) By default, the trust keystore is called _ cacerts _ and it resides in C:\Program Files\JIRA Client\jre\lib\security\cacerts. With the same method you used for setting the three properties described above, it's possible to specify a different location for cacerts: you need to set _ javax.net.ssl.trustStore _ property to _ </path/to/your/cacerts> _ , and, if the password is not default ( _ changeit _ ), set _ javax.net.ssl.trustStorePassword _ property. {panel}