JIRA version = 8.5.4, Java Version = 1.8.0_292, MySQL 5.7.33-0ubuntu0.18.04.1 on Ubuntu 18.04 LTS
Everything was running fine until I had to reboot the server today. I haven't touched anything in my Jira config in months, all that might have happened is that an OS update might have updated MySQL, although I'm pretty sure I had 5.7 to begin with.
The dbconfig.xml connection URL looks like this (file is unmodified since a year):
<jdbc-datasource>
<url>jdbc:mysql://address=(protocol=tcp)(host=localhost)(port=3306)/jiradb?sessionVariables=default_storage_engine=InnoDB</url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
...
The errors I see in my log are those:
2021-05-05 23:58:38,269+0200 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration fr
om /var/atlassian/application-data/jira/dbconfig.xml
2021-05-05 23:58:38,295+0200 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and
decrypt it
2021-05-05 23:58:38,296+0200 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigHandler] Database password decryption not performed.
2021-05-05 23:58:38,556+0200 JIRA-Bootstrap ERROR [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your d
atabase:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 81 milliseconds ago. The last packet sent successfully to the server was 76 milliseconds ago.
...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:186)
Changing the JDBC URL to
jdbc:mysql://localhost:3306/jiradb?useUnicode=true&characterEncoding=UTF8&sessionVariables=default_storage_engine=InnoDB
as shown in https://confluence.atlassian.com/jirakb/change-mysql-connection-url-for-jira-server-874744240.html brings up the server in "new" mode, i.e. it asks me to configure the database and so on (obviously I already have a database with plenty of Jira data in it)
I've already checked this, but don't think the solutions apply since they only seem to be relevant for older MySQL and Jira versions.
Any help is appreciated!
I had the same problem upgrading from Jira core 7.13.1 to 8.18.2.
The java.security file released with bundled jre has changed between the versions.
So I solve in 2 different ways:
* Commenting lines 706-708 in JIRA\jre\lib\security\java.security (read on stackoverflow):
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
or, an alternative way
* adding useSSL=false in my dbconfig.xml read on Atlassian pages here
jdbc:mysql://<host>:<port>/<dbname>?...&useSSL=false
To add enabledTLSProtocols=TLSv1.2
and/or also TLSv1,TLSv1.1, did not worked for me.
These are the 2 fastest way to go on. There is also the Atlassian page about how to configure SSL in MySQL but I didn't try: I needed to go on in a faster way.
I'll try to study better the argument later.
Add this to your dbconfig.xml
jdbc:mysql://<host>:<port>/<dbname>?...&enabledTLSProtocols=TLSv1.2
Will work
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The reason for this was probably caused by a minor upgrade of mysql from 5.7.something to 5.7.33 which according to this replaces yaSSL (which only supports TLS 1.1) with OpenSSL (which only supports TLS 1.2 or 1.3).
I'm not sure if this is then a limitation of my 5.1.48 mysql-jdbc driver or something else in the JRE, at any rate, specifically setting ssl = 0 in my mysql conf (which was previously not set at all), rebooting mysql, then rebooting Jira solved the problem.
Since I only use localhost connections on that mysql server, that shouldn't be a problem, but I'd be curious as to how to make this work without disabling SSL in mysql.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.