Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,360,934
Community Members
 
Community Events
168
Community Groups

Bamboo: SSL issues after CentOS upgrade

Dear all,

Bamboo stopped accepting connections on port 8443 after the last OS upgrade we did a few days ago.

Nmap shows this:

---] START OF PASTED TEXT

PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| compressors:
| NULL
| cipher preference: client
|_ least strength: A

---] END OF PASTED TEXT

And curl shows this:

---] START OF PASTED TEXT

$ curl -v https://bamboserver:8443
* Rebuilt URL to: https://bamboo.server:8443/
* Trying 192.168.0.10...
* TCP_NODELAY set
* Connected to bamboo.server (192.168.0.10) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, illegal parameter (559):
* error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share
* Closing connection 0
curl: (35) error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share
$

---] END OF PASTED TEXT

Any ideas as to why connections to port 8443 yield messages like: "ERR_SSL_PROTOCOL_ERROR" on Google Chrome? Similar ones show with Firefox as well.

Is there any way to fix it?

Thanks and regards,

Martin

 

1 answer

0 votes
Daniel Ebers Community Leader Dec 11, 2020

Hi Martin,

are you using a reverse proxy in front of Bamboo or what is exactly terminating the SSL connections?

As you mentioned an OS upgrade I rather suspect that something was updated and is not imcompatible (needs probably a fix of one configuration line or the other).
But I rather suspect this to be an Apache/nginx then Bamboo itself (except you touched Bamboo installation as well).

Are the certificate files still in the proper location, intact and readable?
I ask because of:


* error:141BD06C:SSL routines:tls_parse_stoc_key_share:bad key share

Regards,
Daniel

Hi Daniel,

thanks for your reply.

There are no reverse proxies.

I solved this issue through the Atlassian Support.

We were hit by a known issue:  https://jira.atlassian.com/browse/BAM-21157

This thread can be closed.

 

Best,

Martin

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 9.0 is now available

Hey there, Data Center community! I'm Martyna Wojtas and I am the Product Manager for Bamboo Data Center. I’m excited to share that Bamboo 9.0 is now available. We purpose-built this platform to help...

310 views 0 7
Read article

Atlassian Community Events