Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unknown SSL protocol error in connection to bitbucket

Hi , 

From Jenkins, when connecting to Bitbucket repository using SSL, i am getting below error :

stderr: fatal: unable to access 'https://q-bitbucket.nl.eu.abnamro.com:7999/scm/sccm/sccm-manager.git/': Unknown SSL protocol error in connection to q-bitbucket.nl.eu.abnamro.com:8080

When i checked in Bitbucket settings i see : sslProtocol="TLS", should i change it to SSL ? 

Regards,

Sriram

2 answers

Hi Renato Rudnicki, 

We are using reverse proxy ( Load Balanced as i understood).  And our rev proxy is able to recognize the certificate. I have loaded the certificate chain to a keystore (q-bitbucket_nl_eu_abnamro_com.jks) , and set this path in /var/gitstash/atlassian-bitbucket-4.1.0/conf/server.xml

 

Here is the output of curl command:

curl -3 -v https://q-bitbucket.nl.eu.abnamro.com:7999/scm/sccm/sccm-manager.git/
* About to connect() to q-bitbucket.nl.eu.abnamro.com port 7999
* Trying 10.20.192.101... connected
* Connected to q-bitbucket.nl.eu.abnamro.com (10.20.192.101) port 7999
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS alert, Server hello (2):
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

 

From this command , i see CA file path is showing /etc/pki/tls/certs/ca-bundle.crt , is this expected ? of should i change the path ? please suggest . 

 

Regards,

Sriram

rrudnicki Atlassian Team Dec 14, 2015

Looks like the openssl version from your LB and your BB Server are not the same or they don’t support the same cypher version. 

 

You can check this with the following commands:

openssl version

openssl ciphers -v

 

I recommend you to setup the openssl version to the same version of your BB Server. 

 

I Also recommend you to check this documentation: https://confluence.atlassian.com/display/BitbucketServerKB/Securing+Bitbucket+Server+(using+Tomcat)+against+Poodle+Disabling+SSLv3

 

Cheers, 

Renato 

0 votes
rrudnicki Atlassian Team Dec 14, 2015

Hi Sriram, 

Looks like you are using some reverse proxy, am I right? If so, can you confirm if your reverse proxy is recognizing your certificate? What is the output of the following command?

curl -3 -v https://q-bitbucket.nl.eu.abnamro.com:7999/scm/sccm/sccm-manager.git/

The command above you show if your server is supporting ssl v3. If not, you can try to add this for testing purposes with the following command:

openssl s_client -connect
https://q-bitbucket.nl.eu.abnamro.com:7999/scm/sccm/sccm-manager.git/ -ssl3

If you are using Reverse Proxy, please check this documentation:

https://confluence.atlassian.com/display/BitbucketServer/Proxying+and+securing+Bitbucket+Server

 

Lastly, can confirm if those ports 7999 or 8080 are supporting HTTPS? This sounds like and HTTP connection.

 

Regards, 

Renato Rudnicki

It really very helpful for me and I really like this. FEMA

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

New improvements to user management in Bitbucket Cloud 👥

Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...

3,719 views 10 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you