Jira server unable to connect to external applications running older Java versions using SSL

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

 

 

Problem

When trying to connect to another application over SSL (eg. Incoming Mail), it will fail.

The following appears in atlassian-jira-incoming-mail.log or atlassian-jira.log

2015-11-20 10:02:00,340 WARN [xxxxx] yyyyyy anonymous    TEST TEST[10101]: javax.mail.MessagingException: Received fatal alert: handshake_failure while connecting to host 'xxxxx.example.net' as user 'ABCDE' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Diagnosis

  • Have already confirmed that all relevant certificates are added to the truststore
  • Problem happened since migrating or upgrading JIRA (more specifically Java)

Cause

If you're running Java 1.8.0_51+ this can be caused by certain ciphers being disabled. Specifically, in update 51, RC4 support was disabled. If the server you're connecting to still has RC4 enabled, Java will no longer connect to it. More information can be found in the release notes.

Workaround

This workaround involves downgrading to a version of Java that allows weak ciphers, this is considered a significant security risk. The RC4 cipher has been deprecated which is why this error occurs.

Downgrade to Java 1.8.0_45 where RC4 is still enabled.

Resolution

Update the remote servers configuration so that the RC4 cipher is not longer allowed to used. https://mozilla.github.io/server-side-tls/ssl-config-generator/ is an excellent resource for identifying the appropriate configuration to use.

Last modified on Sep 25, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.