[JIRA] [core] (JENKINS-25619) The connection was interrupted - issue with TSL

[pawel.grzegrzo...@gmail.com (JIRA)]

Pawel Grzegrzolka created JENKINS-25619 The connection was interrupted - issue with TSL Issue Type: Bug Assignee: Unassigned Components: core Created: 14/Nov/14 1:56 PM Description: I'm running Jenkins directly (via jetty) and have some problem with a SSL connection. I have signed Jenkins.crt certificate. I've imported it to keystore with a following command: keytool -keystore keystore -import -alias jetty -file Jenkins.crt -trustcacerts In jenkins.xml I use created keystore: --httpsKeyStore="keystore" --httpsKeyStorePassword="xxx" --httpPort=8080 --httpsPort=443 Unfortunately SSL connection doesn't work, since it works fine with http. IE shows error message 'This page can't be displayed' and Firefox complains as well 'The connection was interrupted'. Jenkins doesn't show valuable information in the jenkins.err.log file: INFO: Loaded all jobs Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac]: org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f: defining beans [authenticationManager]; root of factory hierarchy Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@7f02e185: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@7f02e185]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba: defining beans [filter,legacy]; root of factory hierarchy It looks like some error with SSL in Jenkins. I've tried to investigate it a little bit, so I saw that connection is OK with TLS1: >openssl s_client -connect 1.2.3.4:443 -prexit Loading 'screen' into random state - done CONNECTED(00000154) 10120:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.c:188: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 124 bytes --- New, (NONE), Cipher is (NONE) Compression: NONE Expansion: NONE With a DTLS1 it works fine: openssl s_client -connect 1.2.3.4:443 -dtls1 -prexit Loading 'screen' into random state - done CONNECTED(000001DC) write:errno=10054 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Compression: NONE Expansion: NONE SSL-Session: Protocol : unknown Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Start Time: 1415973203 Timeout : 7200 (sec) Verify return code: 0 (ok) --- Environment: Jenkins: 1.583 Server: Windows Server 2013 R2 container: jetty Installed: as a service Web browser: IE10, Firefox 32.0 JAVA: Oracle JRE 1.7.0_60 Project: Jenkins Priority: Minor Reporter: Pawel Grzegrzolka

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.