Summary

SSL error is encountered while creating and testing web hook connection. 

Environment

Bitbucket 7.6.0
Java JDK 1.8.0_131

Diagnosis

1. Perform SSLPoke test as per Unable to connect to SSL services due to "PKIX Path Building Failed" error. Specify hostname of the remote instance for which you are setting up a web hook

   $JAVA_HOME/bin/java -Djavax.net.debug=ssl,handshake SSLPoke <hostname> 443
   for example,
   $JAVA_HOME/bin/java -Djavax.net.debug=ssl,handshake SSLPoke abc.com 443

2. SSLPoke test shows the below error

   ***
   main, WRITE: TLSv1.2 Handshake, length = 197
   main, READ: TLSv1.2 Alert, length = 2
   main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
   main, called closeSocket()
   main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

3. In the SSLPoke test log output, we also see this snippet shows cipher suites which JAVA is not going to use. These ciphers are unavailable due to restrictions: 
   

   Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
   Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
   Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

4. Also, we see log for TLS handshake

   *** ClientHello, TLSv1.2
   RandomCookie:  GMT: 1625373961 bytes = { 98, 14, 239, 163, 92, 186, 27, 44, 218, 168, 110, 35, 241, 75, 227, 167, 197, 112, 175, 198, 224, 151, 46, 52, 195, 140, 45, 97 }
   Session ID:  {}
   Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
   Compression Methods:  { 0 }
   Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
   Extension ec_point_formats, formats: [uncompressed]
   Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
   Extension server_name, server_name: [type=host_name (0), value=XXXXXXXXXXXX]
   ***

5. Run the below nmap command to get the list of ciphers the server accepts. The command lists the ciphers with 256-bit encryption
   

   nmap --script ssl-enum-ciphers -p 443 <hostname>
   for example,
   nmap --script ssl-enum-ciphers -p 443 abc.com

6. Note that list of Cipher Suites section. Ciphers advertised by JAVA doesn't have overlap with the list from the server abc.com. 

Cause

• Java doesn't support 256-bit encryption w/o JCE, quote from Security - SunProviders - importlimits 
  • If stronger algorithms are needed (for example, AES with 256-bit keys), the JCE Unlimited Strength Jurisdiction Policy Files must be obtained and installed in the JDK/JRE
• Since these ciphers are using 256-bit encryption, Java will not support them by default (up to 8u161, see below), so there is no overlap with the list from the remote server (abc.com) . That leads to handshake_failure
  • Starting from Java 8u161 Unlimited cryptography enabled by default, see Java 8u161 relnotes

Solution

• One of the options could be low the encryption at proxy or server, eg: set TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• If stronger algorithms are needed (for example, AES with 256-bit keys), the JCE Unlimited Strength Jurisdiction Policy files must be obtained and installed in the JDK/JRE.

1. 1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download
   2. Extract the jce\local_policy.jar and jce\US_export_policy.jar files from the archive to the JAVA_HOME directory that Bitbucket is currently using for eg.   $JAVA_HOME/lib/security
   3. Restart Bitbucket server