Wiki Markup |
---|
Panel |
This article applies to: Deskzilla 1.x-2.x, JIRA Client 1.x-2.x *, and connecting to Bugzilla and JIRA servers via https://... connections.
clarity, this article is written about JIRA Client and JIRA, but it applies to Deskzilla / Bugzilla as well. {panel} h3. Problem When trying to establish a connection to a server with HTTPS-based URL, JIRA Client reports the following problem:{code} |
Problem
When trying to establish a connection to a server with HTTPS-based URL, JIRA Client reports the following problem:
Code Block |
---|
Received fatal alert: bad_record_mac{code}
*Check* if the server allows only SSL v3 as the protocol for HTTPS connection.
The problem is caused by issues with Sun Java security package ([#4815023|http://bugs.sun.com/view_bug.do?bug_id=4815023]), which makes the client (JIRA Client) try TLS even if it's not supported on the server. This results in aborted connection.
h3. Solution
The workaround is to enable only SSLv3 on the client. This can be done by setting "https.protocols" system property to "SSLv3", and also turning on |
Check if the server allows only SSL v3 as the protocol for HTTPS connection.
The problem is caused by issues with Sun Java security package (#4815023), which makes the client (JIRA Client) try TLS even if it's not supported on the server. This results in aborted connection.
Solution
The workaround is to enable only SSLv3 on the client. This can be done by setting "https.protocols" system property to "SSLv3", and also turning on "force.http.jre.executor"
...
system
...
property.
...
On
...
Windows
...
Find
...
"JIRA
...
Client"
...
start
...
menu
...
item
...
(or
...
other
...
shortcut
...
that
...
you
...
use
...
to
...
launch
...
JIRA
...
Client),
...
Right-Click
...
on
...
it
...
and
...
select
...
Properties
...
.
...
The
...
Shortcut
...
tab
...
will
...
appear,
...
with
...
the
...
Target
...
field
...
containing
...
something
...
like
...
"C:\Program
...
Files\JIRA
...
Client\bin\jiraclient.exe"
...
.
...
Click
...
on
...
the
...
Target
...
field
...
and
...
modify
...
it
...
so
...
it
...
says
...
Code Block |
---|
"C:\Program Files\JIRA Client\bin\jiraclient.exe" -J-Dhttps.protocols=SSLv3 -J-Dforce.http.jre.executor=true{code}
|
Use
...
copy&paste
...
from
...
this
...
article
...
to
...
avoid
...
typos.
...
Tip |
---|
Note the quotes in this example. Don't put additional parameters inside the quotes around the .exe file path. {tip} h5. On Linux Modify |
On Linux
Modify "jiraclient.sh"
...
script.
...
Find
...
line
...
that
...
says
...
JAVA_OPTIONS="-Xmx600m
...
-Duse.metal=true"
...
.
...
Modify
...
it
...
so
...
it
...
says
...
Code Block |
---|
JAVA_OPTIONS="-Xmx600m -Duse.metal=true -Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"
{code}
|
Note
...
the
...
quotes
...
are
...
around
...
all
...
the
...
line.
...
Use
...
full
...
path
...
to
...
specify
...
the
...
location
...
of
...
jiraclient.jks.
...
On
...
Mac
...
Right-click
...
on
...
JIRA
...
Client
...
application
...
and
...
select
...
Show
...
Package
...
Contents
...
.
...
Open
...
Contents
...
folder.
...
Double-click
...
on
...
the
...
Info.plist
...
file.
...
Plist
...
editor
...
should
...
start.
...
Open
...
Java
...
section,
...
then
...
Properties
...
subsection.
...
Use
...
"+"
...
button
...
to
...
add
...
the
...
following
...
properties:
...
Name | Value |
---|---|
force.http.jre.executor |
...
true |
...
https.protocols |
...
SSLv3 |
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
|
|
| }||||||
If the server uses a self-signed certificate (or a certificate signed by an unknown CA), you will need to explicitly import server's certificate into the Java's trust keystore. (See [|Connecting to a Bugzilla, JIRA server with a self-signed SSL certificate].) By default, the trust keystore is called _cacerts _and it resides in C:\Program Files\JIRA Client\jre\lib\security\cacerts. With the same method you used for setting the three properties described above, it's possible to specify a different location for cacerts: you need to set _javax.net.ssl.trustStore _property to _</path/to/your/cacerts> _, and, if the password is not default ( _changeit _), set _javax.net.ssl.trustStorePassword _property. {panel} |