I had the same issue with OpenJDK 1.7.0 on CentOS 6.5. Upgrading to nss 3.19 fixed the issue. Thanks for the inputs everyone. Thanks Lukasz.
On Tuesday, October 27, 2015 at 7:50:02 PM UTC+5:30, Łukasz Korzybski wrote: > > > I had the same issue with OpenJDK 1.7.0 on CentOS 6.6. I had nss 3.16 and > upgrading to nss 3.19 fixed the issue. > > > On Thursday, 11 June 2015 16:08:46 UTC+1, Ari LiVigni wrote: >> >> I am having an issue with Java 1.7 and using self-signed cert it works >> with Java 1.6 and an official certificate but in some cases we have test >> Jenkins where we self sign. >> >> Is there a setting in the jenkins config to get around this issue? >> Something that can be done with Jetty? >> >> Here are exceptions from the jenkins log and the cli >> >> https://paste.fedoraproject.org/231148/ >> >> Exception from Jenkins Log: >> >> Jun 10, 2015 6:06:21 PM org.eclipse.jetty.util.log.JavaUtilLog warn >> WARNING: handle failed >> java.lang.RuntimeException: java.security.KeyException >> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1333) >> at >> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) >> at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) >> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) >> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) >> at org.eclipse.jetty.io.nio.SslConnection.unwrap(SslConnection.java:536) >> at >> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:401) >> at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:193) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) >> at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> at java.lang.Thread.run(Thread.java:745) >> Caused by: java.security.ProviderException: java.security.KeyException >> at >> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146) >> at >> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:687) >> at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63) >> at >> sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1316) >> at >> sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1115) >> at >> sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:942) >> at >> sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:675) >> at >> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213) >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) >> at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) >> at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) >> at java.security.AccessController.doPrivileged(Native Method) >> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) >> at >> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:375) >> at >> org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:48) >> at >> org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.fill(SslConnection.java:678) >> at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:1044) >> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:280) >> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) >> at >> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) >> at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) >> ... 6 more >> Caused by: java.security.KeyException >> at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) >> at >> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126) >> ... 26 more >> >> >> Exception from CLI: >> [root@java16-master-jenkins-https-new ~]# java -jar jenkins-cli.jar -s >> https://localhost -noCertificateCheck help >> Skipping HTTPS certificate checks altogether. Note that this is not secure >> at all. >> Exception in thread "main" java.io.IOException: Failed to connect to >> https://localhost/ >> at hudson.cli.CLI.getCliTcpPort(CLI.java:271) >> at hudson.cli.CLI.<init>(CLI.java:126) >> at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72) >> at hudson.cli.CLI._main(CLI.java:471) >> at hudson.cli.CLI.main(CLI.java:387) >> Suppressed: javax.net.ssl.SSLHandshakeException: Remote host closed >> connection during handshake >> at >> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) >> at >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >> at >> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) >> at >> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) >> at >> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) >> at >> hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:77) >> at hudson.cli.CLI.connectViaHttp(CLI.java:156) >> at hudson.cli.CLI.<init>(CLI.java:130) >> ... 3 more >> Caused by: java.io.EOFException: SSL peer shut down incorrectly >> at sun.security.ssl.InputRecord.read(InputRecord.java:482) >> at >> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) >> ... 13 more >> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed >> connection during handshake >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) >> at >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >> at >> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) >> at >> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) >> at hudson.cli.CLI.getCliTcpPort(CLI.java:269) >> ... 4 more >> Caused by: java.io.EOFException: SSL peer shut down incorrectly >> at sun.security.ssl.InputRecord.read(InputRecord.java:482) >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) >> ... 11 more >> >> >> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8eee538f-c1da-42d9-b3b6-625377ef1b96%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
