Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bamboo: SSL issues after CentOS upgrade

Dear all,

Bamboo stopped accepting connections on port 8443 after the last OS upgrade we did a few days ago.

Nmap shows this:

---] START OF PASTED TEXT

PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
|_ least strength: A

---] END OF PASTED TEXT

And curl shows this:

---] START OF PASTED TEXT

$ curl -v https://bamboserver:8443
* Rebuilt URL to: https://bamboo.server:8443/
* Trying 192.168.0.10...
* TCP_NODELAY set
* Connected to bamboo.server (192.168.0.10) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, illegal parameter (559):
* error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share
* Closing connection 0
curl: (35) error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share
$

---] END OF PASTED TEXT

Any ideas as to why connections to port 8443 yield messages like: "ERR_SSL_PROTOCOL_ERROR" on Google Chrome? Similar ones show with Firefox as well.

Is there any way to fix it?

Thanks and regards,

Martin

 

1 answer

0 votes
Daniel Ebers Community Leader Dec 11, 2020

Hi Martin,

are you using a reverse proxy in front of Bamboo or what is exactly terminating the SSL connections?

As you mentioned an OS upgrade I rather suspect that something was updated and is not imcompatible (needs probably a fix of one configuration line or the other).
But I rather suspect this to be an Apache/nginx then Bamboo itself (except you touched Bamboo installation as well).

Are the certificate files still in the proper location, intact and readable?
I ask because of:


* error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share

Regards,
Daniel

Hi Daniel,

thanks for your reply.

There are no reverse proxies.

I solved this issue through the Atlassian Support.

We were hit by a known issue:  https://jira.atlassian.com/browse/BAM-21157

This thread can be closed.

 

Best,

Martin

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.2 is here!

I'm happy to announce that Bamboo 7.2 has been released and it’s overflowing with awesome new features. This will be the last major Server release before the launch of Bamboo DC. Bamboo logs We...

481 views 5 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you