Handshake failed during wrap javax.net.ssl.SSLHandshakeException error seen in Bitbucket
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After adding ssl configurations to the bitbucket.properties file an ssl error is displayed by the browser when navigating to the user interface.
Environment
- 7.6.0
- Bouncycastle < 1.65
- JDK 8u272
Diagnosis
When navigating to the application the following is written to the Bitbucket Server logs files:
2020-11-26 09:24:27,779 DEBUG [https-jsse-nio-8444-exec-5] o.a.tomcat.util.net.SecureNioChannel Handshake failed during wrap
javax.net.ssl.SSLHandshakeException: No available authentication scheme
Cause
By default the following property supports all protocols
server.ssl.enabled-protocols=all
As such TLSv1.3 is enabled and can lead to this issue.
Solution
Add or change the property so that TLSv1.3 is disabled by setting it to TLSv1.2:
server.ssl.enabled-protocols=TLSv1.2