Jira fails to send webhooks to a custom URL
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Jira is unable to send webhooks to a custom URL which requires the calling client to use SNI. This might also affect other types of links with the custom URL (eg. application links)
- When sending webhooks to your URL (with com.atlassian.webhooks enabled for DEBUG), we don't see any
WebHook successfully sent
message even though we can see that the webhooks is sent - When sending webhooks using Service Management automation, we can see a handshake_failure error. The following appears in the
atlassian-jira.log
2016-12-13 16:12:17,967 Caesium-1-4 WARN it support [execution.engine.asyncthen.AsyncThenJobProcessor] Failed executing ThenAction com.atlassian.servicedesk.plugins.automation.webhook.rulethen.WebhookThenAction asynchronously: 'Unable to obtain status code from webhook server: java.lang.RuntimeException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure'
Diagnosis
cURL, wget and SSLPoke from the Jira server to the URL will work fine
Cause
The following JVM argument is being applied to the Jira instance
-Djsse.enableSNIExtension=false
This disables SNI support for Jira. You can try SSLPoke with this argument
computer:~/sslpoke$ java SSLPoke example.com 443
Successfully connected
computer:~/sslpoke$ java -Djsse.enableSNIExtension=false SSLPoke example.com 443
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Resolution
Remove that JVM argument and restart Jira for it to take effect