Hello Baptiste:
The "Error testing connection; Reason: javax.net.ssl.SSLException: Connection reset" message you're encountering during the setup of the Qualys Container Scanning Connector in your Bamboo instance can be frustrating. This error generally indicates a problem in the SSL/TLS handshake process, which can be caused by several underlying issues. Here are some potential causes and solutions to explore:
- SSL/TLS Version Mismatch
  The client and server might be using incompatible versions of SSL/TLS.
  - Solution: Ensure that both your Bamboo server and the Qualys API endpoint support the same versions of SSL/TLS. You might need to update your Java version on the Bamboo server or configure it to use a specific protocol version that's compatible with Qualys.
- Cipher Suite Mismatch
  Similar to the version mismatch, this happens when the client and server do not have any cipher suites in common.
  - Solution: Check the server's configuration (in this case, the Qualys API endpoint) to see which cipher suites are supported and then configure your Bamboo server's JVM to support one or more of these cipher suites.
- Java's TrustStore Does Not Recognize the Server's Certificate
  If the server's certificate (Qualys API) isn't trusted by the JVM running Bamboo, the SSL handshake will fail.
  - Solution: Add the Qualys API endpoint's certificate to the Java TrustStore used by your Bamboo server. This often involves exporting the certificate from the browser or directly from the server, and then importing it into the Java TrustStore with the keytool command.
- Intermediate or Root CA Certificate Missing
  Sometimes, the issue is not with the server's certificate but with a missing intermediate or root CA certificate in the chain of trust.
  - Solution: Ensure that all necessary intermediate and root CA certificates are present in your Bamboo server's TrustStore.
- Firewall or Network Security Device Interference
  Network security devices (like IDS/IPS systems, firewalls, or even corporate proxies) can sometimes interfere with SSL/TLS handshakes.
  - Solution: Verify with your network team if any security device is intercepting SSL/TLS traffic. You might need to create an exception rule for traffic between your Bamboo server and Qualys.
- Qualys Endpoint Configuration
  Ensure you're pointing to the correct Qualys API endpoint and that it's accessible from your network. Qualys has multiple data centers and API endpoints.
  - Solution: Double-check the Qualys API endpoint URL you're using for the connector setup.
Troubleshooting Steps
- Enable SSL Debugging: You can enable SSL debugging on your Bamboo server to get more detailed logs about the SSL handshake process. Add -Djavax.net.debug=ssl to the Bamboo server's JVM startup options to enable this.
- Test with a Simple SSL Client: Use a tool like openssl s_client -connect <qualys-api-endpoint>:443 to manually test the SSL/TLS handshake from your Bamboo server to the Qualys API endpoint. This can help identify if the issue is with the Java environment or elsewhere in the network.
- Review Bamboo and System Logs: There might be more detailed error messages in the Bamboo logs or the system logs that could give more clues.
- Consult Qualys and Atlassian Support: If you continue to have issues, reaching out to Qualys and Atlassian support may provide more specific guidance, especially if there are known issues or configurations that are specific to their platforms.
Resolving SSLException issues can be complex due to the variety of potential causes, but systematically checking each potential issue will help you pinpoint and solve the problem.
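The manual openssl s_client test suggested in the answer above, turned into a repeatable check (an added example, not part of the original answer or of any Qualys or Atlassian tooling). The function names `classify_s_client` and `probe_endpoint` and the verdict labels are made up for this sketch; errno 104 is ECONNRESET on Linux.

```shell
# classify_s_client: read `openssl s_client` output on stdin and print one
# verdict matching the causes listed in the answer above.
# Failure markers are tested first: when a handshake aborts, s_client can
# still print "Verify return code: 0 (ok)" in its session summary.
classify_s_client() {
  s_client_out=$(cat)
  case "$s_client_out" in
    *"alert protocol version"*|*"unsupported protocol"*)
      echo "protocol-version-mismatch" ;;
    *"alert handshake failure"*)
      # Commonly no shared cipher suite or other rejected parameters.
      echo "no-shared-cipher-or-parameters" ;;
    *"write:errno=104"*|*"read:errno=104"*)
      # Peer or a device on the path reset the TCP connection mid-handshake.
      echo "connection-reset" ;;
    *"connect:errno="*|*"Connection refused"*)
      echo "endpoint-unreachable" ;;
    *"no peer certificate available"*)
      echo "handshake-incomplete" ;;
    *"Verify return code: 0 (ok)"*)
      echo "handshake-ok" ;;
    *"Verify return code: "*)
      # Any non-zero code: server or intermediate/root CA not trusted.
      echo "chain-not-trusted" ;;
    *)
      echo "unknown" ;;
  esac
}

# probe_endpoint HOST [PORT]: try one handshake per TLS version from this
# host and print a verdict for each. Run it on the Bamboo server itself.
probe_endpoint() {
  probe_host=$1
  probe_port=${2:-443}
  for probe_flag in -tls1_2 -tls1_3; do
    printf '%s:%s %s -> ' "$probe_host" "$probe_port" "$probe_flag"
    openssl s_client -connect "$probe_host:$probe_port" \
      -servername "$probe_host" "$probe_flag" </dev/null 2>&1 |
      classify_s_client
  done
}
# Usage: probe_endpoint <qualys-api-endpoint>
```

openssl verifies against its own CA store, not the JVM TrustStore, so a `handshake-ok` here combined with a failure in Bamboo points at the Java side (TrustStore, enabled protocols or cipher suites), while `connection-reset` for every version points at the network path.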