Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Redhat openjdk 1.8.0.272.b10-1 breaks tls in bamboo 7.1

doug.curtis
doug.curtis November 19, 2020

We've been using bamboo with tls on port 8443 for years.  Redhat released openjdk 1.8.0.272.b10-1.el7_9 and when we upgraded our bamboo server to it, none of the agents or browsers could communicate to 8443.  We are seeing a "err_ssl_protocol_error" message in chrome and the agents report "javax.net.ssl.sslexception: unsupported or unrecognized ssl message" in their logs.  We do have a proxy in front on port 443 that proxies to 8443 and that still works fine.

I've tried modifying java.security file settings but nothing seems to be making a difference.  My concern is that I'm going to see the same issue with our other Atlassian servers.

Also, I upgraded to bamboo 7.1.4 but forgot to specify the bamboo.home directory in atlassian-bamboo/WEB-INF/classes/bamboo-init.properties.  When I went to the bamboo server on port 8443, it displayed the web page showing me the diagnostic page that shows the java version check and the bamboo.home setting and how to fix it so the tls issue happens after I specified the bamboo.home directory.

Had anyone else seen issues with upgrading to that version of openjdk on RHEL7?

Thanks

Answer
Watch
Like Be the first to like this
1256 views

2 answers

1 accepted

3 votes
Answer accepted
Jeyanthan I
Jeyanthan I
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 19, 2020

Hi @doug.curtis,

It looks like you have stumbled onto this bug.

Glad to see that you managed to fix it by downgrading Java. If this was not an option, I was going to suggest the workaround proposed by my colleague in the bug report above.

Good news is that this has been fixed in Bamboo 7.2.0 already (that is yet to be released as of today).

Cheers,
Jey

View More Comments
doug.curtis
doug.curtis November 19, 2020

Thanks for this.  This seems exactly like what I'm running into.  I'll play around with options specified in the bug report to verify.

Thanks again!

Like
doug.curtis
doug.curtis November 19, 2020

That's definitely what it was.  Disabling the RSASSA-PSS signature algorithm fixed the issue.  At least now if I HAVE to upgrade to u272, I have a solution for it.

Thanks for the quick response.

Like
Jeremy Owen
Jeremy Owen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 19, 2020

G'day Doug,

We're fairly confident you won't run into this with any other Atlassian products as it relates to a certain Bamboo dependency and how it's loading crypto providers. 

Cheers,

Jeremy

Like
doug.curtis
doug.curtis November 20, 2020

That's good news.  I was going to add RSASSA-PSS on my other Atlassian servers as a precautionary measure but I'm glad that it's probably not necessary.

Like
Reply
0 votes
Edwin Kyalangalilwa
Edwin Kyalangalilwa
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 19, 2020

Hi @doug.curtis ,

Please confirm and test the following.

  1. Custom configurations were migrated from the previous installation.
  2. Port 8443 is enabled in the server.xml .... Bamboo listens on 8085 by default.
  3. Unrecognized SSL message, plaintext connection? 
View More Comments
doug.curtis
doug.curtis November 19, 2020

1.  Yes they were.  I only upgraded from 7.1.1 to 7.1.4 to see if it fixed the issue.  The only upgrade that broke bamboo was the openjdk upgrade.

2.  Yes.  We have a connector specified in the server.xml for port 8443 that references a keystore with the password.  This worked fine before the openjdk upgrade.

3.  I saw this in my searches and tried it but it didn't fix the issue.

 

I should also note that downgrading openjdk fixes the issue.  We don't run any custom jdk settings.  I've only started trying different jdk settings to see if it affects it.  It seems like either a TLS protocol or cipher issue.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events