You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We've been using bamboo with tls on port 8443 for years. Redhat released openjdk 220.127.116.112.b10-1.el7_9 and when we upgraded our bamboo server to it, none of the agents or browsers could communicate to 8443. We are seeing a "err_ssl_protocol_error" message in chrome and the agents report "javax.net.ssl.sslexception: unsupported or unrecognized ssl message" in their logs. We do have a proxy in front on port 443 that proxies to 8443 and that still works fine.
I've tried modifying java.security file settings but nothing seems to be making a difference. My concern is that I'm going to see the same issue with our other Atlassian servers.
Also, I upgraded to bamboo 7.1.4 but forgot to specify the bamboo.home directory in atlassian-bamboo/WEB-INF/classes/bamboo-init.properties. When I went to the bamboo server on port 8443, it displayed the web page showing me the diagnostic page that shows the java version check and the bamboo.home setting and how to fix it so the tls issue happens after I specified the bamboo.home directory.
Had anyone else seen issues with upgrading to that version of openjdk on RHEL7?
It looks like you have stumbled onto this bug.
Glad to see that you managed to fix it by downgrading Java. If this was not an option, I was going to suggest the workaround proposed by my colleague in the bug report above.
Good news is that this has been fixed in Bamboo 7.2.0 already (that is yet to be released as of today).
1. Yes they were. I only upgraded from 7.1.1 to 7.1.4 to see if it fixed the issue. The only upgrade that broke bamboo was the openjdk upgrade.
2. Yes. We have a connector specified in the server.xml for port 8443 that references a keystore with the password. This worked fine before the openjdk upgrade.
3. I saw this in my searches and tried it but it didn't fix the issue.
I should also note that downgrading openjdk fixes the issue. We don't run any custom jdk settings. I've only started trying different jdk settings to see if it affects it. It seems like either a TLS protocol or cipher issue.