SVN checkout task failed with error "svn: E175002: SSL handshake failed"

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When running a SVN checkout task in your Bamboo plan, this fails with error svn: E175002: SSL handshake failed

Environment

Java8u291 or higher

Diagnosis

  1. Run a SVN checkout task from Bamboo to your SVN server which is configured to accept TLS 1.0 or TLS 1.1 connections. 
  2. After you run your plan, your build will fail with the following error message: svn: E175002: SSL handshake failed.
  3. In addition, he following message is shown on the stack trace generated by the error:

    Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

Cause

Since Java version 8 update 291 or higher TLS 1.0 and TLS 1.1 have been disabled by default. See a snippet from the Java 8 update 291 release notes:

security-libs/javax.net.ssl
Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.

Due to this change, and if your SVN server is not configured to accept TLS 1.2 or TLS 1.3 connections the checkout task will fail due to the disparity on the encryption algorithms between client and server.

Solution

In order to resolve this issue choose any of these three options:

  • Recommended solution: Enable TLS 1.2 or TLS 1.3 on your SVN server.
  • Downgrade your Java on your Bamboo agents (or Bamboo server if you run local agents) to any version prior to Java8u291
  • Modify your java.security file which is normally located under the directory /jre/lib/security on your Java installation directory. On that file, find the line that contains jdk.tls.disabledAlgorithms and delete TLSv1 and TLSv1.1 from the list of disabled algorithms.

After running these steps restart your agents (or your Bamboo server if you run local agents) so that they pick up the changes.

WARNING: please be aware that using an older Java version or enabling manually TLS 1.0 and TLS 1.1 pose a security risk to your application which may have severe implications. There are reasons why those protocols were disabled and hence our recommended solution is to use TLS 1.2 or TLS 1.3 on your SVN server.

Last modified on Jul 19, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.