[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317745#comment-317745 ]

James Kionka commented on MNG-5363:
---

Gili, the link in your comment on 23/Dec/12 2:26 PM is correct.

Hendy, I agree, all the SSL error messages I've seen are pretty terrible.

This ticket is more or less independent of deploying to oss.sonatype.org. Based on the error description and attempted fixes on the stackoverflow page, it sounds almost exactly like this problem. The one part that does not make sense is that their deployments failed only sometimes. Our problem is repeatable. I figured their problem was intermittent from a load balancer which sometimes sent the client to an SSLv3 server. However, based on Roberto's comments and the current evidence, these problems are not related as it originally seemed.

Our team at work was able to handle the Java SSLv3 issues for java.net.URLConnection using:

{code}
-Dhttps.protocols=SSLv3
{code}

or

{code}
System.setProperty("https.protocols", "SSLv3");
{code}

This is how we worked out the issue before Maven made the switch to HttpClient in 3.0.4. HttpClient does not respect this setting. When we use HttpClient in our other projects, we have a method named getSslv3SocketFactory() which creates a generic SocketFactory with the method on it.

{code}
// Restrict the socket to the one protocol the repository server speaks.
private void setSslv3Protocol(SSLSocket sslSocket) {
    sslSocket.setEnabledProtocols(new String[] { "SSLv3" });
}
{code}

We then create ThreadSafeClientConnManager using our SocketFactory. (Apparently, it is now called PoolingClientConnectionManager.)

How to create that object is explained in 2.8.4. Pooling connection manager:
https://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html

Javadoc for PoolingClientConnectionManager:
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingClientConnectionManager.html

This is obviously a frustrating solution, but there were no other options. Part of life is that web browsers handle SSL better than Java, and HttpClient did not feel like this was something they'd like to make easy.

Some more background is available at:
http://stackoverflow.com/questions/2159586/jsse-handshake-failure-on-public-https-web-site
http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html
http://httpcomponents.10934.n7.nabble.com/Fwd-Httpclient-sslv3-amp-bad-record-mac-error-td16136.html#a21999553

Maven could really use a way to specify what https protocols to respect, one way or another, since there is currently no way to do so as of 3.0.4. This could be done in a lot of different ways, but respecting the System Property seems like a clean solution to me at this time.

Regression for SSLv3

Key: MNG-5363
URL: https://jira.codehaus.org/browse/MNG-5363
Project: Maven 2 & 3
Issue Type: Bug
Components: Errors
Affects Versions: 3.0.4
Environment: Operating system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

When attempting to access a Maven repository which uses SSLv3, you get the following error, javax.net.ssl.SSLException: Received fatal alert: bad_record_mac.

Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.

You can find another person in the same situation here:
http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
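An added example, not code from Maven, HttpClient or the commenter above: one way a client could respect the https.protocols system property at the JSSE layer, by wrapping the default SSLSocketFactory and applying the property's comma-separated value to every socket it creates. The class name ProtocolPropertySocketFactory and its helper methods are hypothetical; only standard javax.net.ssl calls are used, and an unusable property value fails with a specific message instead of a later handshake alert.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper (not part of Maven or HttpClient): delegates socket
// creation and then restricts the enabled protocol versions to the ones
// named in a comma-separated list such as the https.protocols property.
public class ProtocolPropertySocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private final String[] requested;

    public ProtocolPropertySocketFactory(SSLSocketFactory delegate, String propertyValue) {
        this.delegate = delegate;
        this.requested = parse(propertyValue);
    }

    // Split "A, B" into {"A", "B"}; null or blank input yields an empty array.
    static String[] parse(String value) {
        List<String> out = new ArrayList<String>();
        if (value != null) {
            for (String part : value.split(",")) {
                String p = part.trim();
                if (!p.isEmpty()) {
                    out.add(p);
                }
            }
        }
        return out.toArray(new String[0]);
    }

    // Keep only requested protocols this JVM supports. Returns null when the
    // property was not set, meaning "leave the JSSE defaults untouched".
    static String[] select(String[] requested, String[] supported) {
        if (requested.length == 0) {
            return null;
        }
        List<String> available = Arrays.asList(supported);
        List<String> out = new ArrayList<String>();
        for (String r : requested) {
            if (available.contains(r)) {
                out.add(r);
            }
        }
        if (out.isEmpty()) {
            throw new IllegalStateException("None of the requested protocols "
                    + Arrays.toString(requested) + " is supported by this JVM: " + available);
        }
        return out.toArray(new String[0]);
    }

    // Apply the selection to a freshly created socket before any handshake.
    private Socket configure(Socket socket) {
        if (socket instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) socket;
            String[] chosen = select(requested, ssl.getSupportedProtocols());
            if (chosen != null) {
                ssl.setEnabledProtocols(chosen);
            }
        }
        return socket;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }

    @Override public Socket createSocket() throws IOException {
        return configure(delegate.createSocket());
    }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return configure(delegate.createSocket(s, host, port, autoClose));
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return configure(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return configure(delegate.createSocket(host, port, localHost, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return configure(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return configure(delegate.createSocket(address, port, localAddress, localPort));
    }

    // Offline check: create an unconnected socket and print what is enabled.
    // Run with e.g. -Dhttps.protocols=<comma-separated list> to see the effect.
    public static void main(String[] args) throws Exception {
        SSLSocketFactory base = SSLContext.getDefault().getSocketFactory();
        SSLSocketFactory factory =
                new ProtocolPropertySocketFactory(base, System.getProperty("https.protocols"));
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            System.out.println("Enabled protocols: " + Arrays.toString(socket.getEnabledProtocols()));
        }
    }
}
```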
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317767#comment-317767 ]

Gili commented on MNG-5363:
---

This issue makes me so frustrated I don't know where to begin :)

# Yes, Maven should provide a consistent mechanism for specifying what https protocols to respect regardless of the underlying implementation it decides to use (JDK or HttpClient).
# We need to get this fixed in the JDK! The only way to do this is getting an easily reproducible testcase. Any idea on how to do this (ideally using a local server instance?) We need to avoid intermittent failures.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317713#comment-317713 ]

Olivier Lamy commented on MNG-5363:
---

Can I exactly know the env needed to reproduce this issue?
I just deployed a project to https://oss.sonatype.org

My env

{code}
Apache Maven 3.1-SNAPSHOT (57d9c68e56a4bc8d825c7615534023eeda52b9c0; 2013-01-05 00:17:48+0100)
Maven home: /Users/olamy/softs/maven/trunk
Java version: 1.7.0_10, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_10.jdk/Contents/Home/jre
Default locale: fr_FR, platform encoding: UTF-8
OS name: mac os x, version: 10.8.2, arch: x86_64, family: mac
{code}

{code}
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar (57 KB at 14.0 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom (10 KB at 1.1 KB/sec)
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Downloaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml (328 B at 0.1 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml (818 B at 0.2 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml (368 B at 0.1 KB/sec)
[INFO]
[INFO] BUILD SUCCESS
[INFO]
{code}
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317715#comment-317715 ]

Gili commented on MNG-5363:
---

Olivier,

Try deploying a project with many sub-modules such as TrueVFS, the one mentioned by Roberto or http://code.google.com/p/boost-maven-project/ which I own. TrueVFS is probably the best one to investigate because it has the most modules and doesn't use native code like boost-maven-project does.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317718#comment-317718 ]

Harald Wellmann commented on MNG-5363:
--

FYI, the bad_record_mac issue with Sonatype OSS might have been caused by misconfiguration in Sonatype OSS Nexus, see https://issues.sonatype.org/browse/OSSRH-5165, which appears to be resolved now.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317719#comment-317719 ]

Olivier Lamy commented on MNG-5363:
---

good to know. Thanks for sharing the information.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317720#comment-317720 ]

Gili commented on MNG-5363:
---

I'm going to retest on my end and get back to you. It'll take a couple of days to be sure.

PS: If this was really caused by a server misconfiguration then Maven needs to be a lot more specific about what actually went wrong. The existing error message is extremely vague. There are no less than 4 different explanations out in the wild with strong community backing. It's not clear which, if any of them, is correct.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317616#comment-317616 ]

Gili commented on MNG-5363:
---

NOTE: The workaround of downgrading to 3.0.3 is not really an option. Having downgraded to 3.0.3 you will then run against this other major bug: MRELEASE-742 and I'm sure there are others.

Please schedule this issue for an upcoming release.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317374#comment-317374 ]

Gili commented on MNG-5363:
---

Is the component on this bug report correct? Shouldn't this be fixed against Maven core or the release plugin?
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Scholte updated MNG-5363:

Priority: Critical (was: Major)
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316204#comment-316204 ]

Roberto Tyley commented on MNG-5363:

I was getting this problem consistently with Maven 3.0.4 deploying a 14-module project to oss.sonatype.org. Downgrading to Maven 3.0.3 and trying again worked first time. http://stackoverflow.com/a/13078665/438886 recommends adding MAVEN_OPTS=-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true, but this was not necessary for me - just the downgrade to Maven 3.0.3.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316181#comment-316181 ]

Hendy Irawan commented on MNG-5363:
---

+1...
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316185#comment-316185 ]

Gili commented on MNG-5363:
---

See http://yuriytkach.blogspot.ca/2011/10/javaxnetsslsslexception-badrecordmac.html for a related discussion.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316186#comment-316186 ]

Christian Schlichtherle commented on MNG-5363:
--

I was using maven-release-plugin for some multi-module projects (TrueZIP, TrueVFS etc) successfully in the past. At some point in time it stopped working reliably however. TrueVFS consists of more than twenty submodules. It's effectively impossible to do a release:perform on this project because it almost always stops at any random submodule due to this failure!

Pleaaase fix this showstopper.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316159#comment-316159 ]

Gili commented on MNG-5363:
---

Please increase the priority of this problem. It is critical and should be fixed ASAP.
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=315972#comment-315972 ]

David Phillips commented on MNG-5363:
-

This also occurs with 3.0.3:

{noformat}
Apache Maven 3.0.3 (r1075438; 2011-02-28 09:31:09-0800)
Maven home: /usr/share/maven
Java version: 1.7.0_07, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_07.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: mac os x, version: 10.8.2, arch: x86_64, family: mac
{noformat}
[jira] (MNG-5363) Regression for SSLv3
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=312750#comment-312750 ]

Johannes Schneider commented on MNG-5363:
-

This is a major problem. A lot of guys are deploying to oss.sonatype.org these days. The problem is well known and documented there:
https://support.sonatype.com/entries/22070546-deploy-fails-with-received-fatal-alert-bad-record-mac

Unfortunately this workaround does *not* work with Maven 3.0.4. Therefore nobody is able to release multi module projects to oss.sonatype.org reliably.

I think this is a blocker.
[jira] (MNG-5363) Regression for SSLv3
James Kionka created MNG-5363:
-

Summary: Regression for SSLv3
Key: MNG-5363
URL: https://jira.codehaus.org/browse/MNG-5363
Project: Maven 2 & 3
Issue Type: Bug
Components: Errors
Affects Versions: 3.0.4
Environment: Operating system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka

When attempting to access a Maven repository which uses SSLv3, you get the following error, javax.net.ssl.SSLException: Received fatal alert: bad_record_mac.

Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.

You can find another person in the same situation here:
http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype