subject:"\[jira\] \(MNG\-5363\) Regression for SSLv3"

[jira] (MNG-5363) Regression for SSLv3

2013-01-22 Thread James Kionka (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317745#comment-317745
]

James Kionka commented on MNG-5363:
---

Gili, the link in your comment on 23/Dec/12 2:26 PM is correct. Hendy, I agree,
all the SSL error messages I've seen are pretty terrible.

This ticket is more or less independent of deploying to oss.sonatype.org. Based
on the error description and attempted fixes on the stackoverflow page, it
sounds almost exactly like this problem. The one part that does not make sense
is that their deployments failed only sometimes. Our problem is repeatable. I
figured their problem was intermittent from a load balancer which was sometimes
sent the client to an SSLv3 server. However, based on Roberto's comments and
the current evidence, these problems are not related as it originally seemed.

Our team at work was able to handle the Java SSLv3 issues for
java.net.URLConnection using:
-Dhttps.protocols=SSLv3
or
System.setProperty(https.protocols, SSLv3);
This how we worked out the issue before Maven made the switch to HttpClient in
3.0.4. HttpClient does not respect this setting.

When we use HttpClient in our other projects, we have a method named
getSslv3SocketFactory() which creates a generic SocketFactory with the method
on it.
private void setSslv3Protocol(SSLSocket sslSocket) {
sslSocket.setEnabledProtocols(new String[] { SSLv3 });
}
We then create ThreadSafeClientConnManager using our SocketFactory.
(Apparently, it is now called PoolingClientConnectionManager.)

How to create that object is explained in 2.8.4. Pooling connection manager:
https://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html
Javadoc for PoolingClientConnectionManager:
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingClientConnectionManager.html

This is obviously a frustrating solution, but there were no other options. Part
of life is that web browsers handle SSL better than Java, and HttpClient did
not feel like this was something they'd like to make easy.

Some more background is available at:
http://stackoverflow.com/questions/2159586/jsse-handshake-failure-on-public-https-web-site
http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html
http://httpcomponents.10934.n7.nabble.com/Fwd-Httpclient-sslv3-amp-bad-record-mac-error-td16136.html#a21999553

Maven could really use a way to specify what https protocols to respect, one
way or another, since there is currently no way to do so as of 3.0.4. This
could be done in a lot of different ways, but respecting the System Property
seems like a clean solution to me at this time.

Regression for SSLv3

Key: MNG-5363
URL: https://jira.codehaus.org/browse/MNG-5363
Project: Maven 2 3
Issue Type: Bug
Components: Errors
Affects Versions: 3.0.4
Environment: Operation system independent, but tested on Macbook Pro
with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

When attempting to access a Maven repository which uses SSLv3, you get the
following error, javax.net.ssl.SSLException: Received fatal alert:
bad_record_mac.
Earlier versions of Maven used java.net.URLConnection which respects the
https.protocols system property. This allowed us to set it to SSLv3, which is
what our Maven repository uses. However, HttpClient ignores that property. In
other situations, we programmatically tell HttpClient to use SSLv3, which we
cannot do from our end.
You can find another person in the same situation here:
http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2013-01-22 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317767#comment-317767
]

Gili commented on MNG-5363:
---

This issue makes me so frustrated I don't know where to begin :)

# Yes, Maven should provide a consistent mechanism for specifying what https
protocols to respect regardless of the underlying implementation it decides to
use (JDK or HttpClient).
# We need to get this fixed in the JDK! The only way to do this is getting an
easily reproducible testcase. Any idea on how to do this (ideally using a local
server instance?) We need to avoid intermittent failures.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2013-01-21 Thread Olivier Lamy (JIRA)


[ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317713#comment-317713
 ] 

Olivier Lamy commented on MNG-5363:
---

Can I exactly know the env needed to reproduce this issue ?
I just deployed a project to https://oss.sonatype.org
My env
{code}
Apache Maven 3.1-SNAPSHOT (57d9c68e56a4bc8d825c7615534023eeda52b9c0; 2013-01-05 
00:17:48+0100)
Maven home: /Users/olamy/softs/maven/trunk
Java version: 1.7.0_10, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_10.jdk/Contents/Home/jre
Default locale: fr_FR, platform encoding: UTF-8
OS name: mac os x, version: 10.8.2, arch: x86_64, family: mac
{code}

{code}
Downloading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar
Uploaded: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar
 (57 KB at 14.0 KB/sec)
Uploading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom
Uploaded: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom
 (10 KB at 1.1 KB/sec)
Downloading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Downloaded: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
 (328 B at 0.1 KB/sec)
Uploading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploaded: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
 (818 B at 0.2 KB/sec)
Uploading: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Uploaded: 
https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
 (368 B at 0.1 KB/sec)
[INFO] 
[INFO] BUILD SUCCESS
[INFO] 
{code}

 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2013-01-21 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317715#comment-317715
]

Gili commented on MNG-5363:
---

Olivier,

Try deploying a project with many sub-modules such TrueVFS, the one mentioned
by Roberto or http://code.google.com/p/boost-maven-project/ which I own.
TrueVFS is probably the best one to investigate because it has the most modules
and doesn't use native code like boost-maven-project does.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2013-01-21 Thread Harald Wellmann (JIRA)


[ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317718#comment-317718
 ] 

Harald Wellmann commented on MNG-5363:
--

FYI, the bad_record_mac issue with Sonatype OSS might have been caused by 
misconfiguration in Sonatype OSS Nexus, see 
https://issues.sonatype.org/browse/OSSRH-5165, which appears to be resolved now.


 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2013-01-21 Thread Olivier Lamy (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317719#comment-317719
]

Olivier Lamy commented on MNG-5363:
---

good to know.
Thanks for sharing the information.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2013-01-21 Thread Gili (JIRA)


[ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317720#comment-317720
 ] 

Gili commented on MNG-5363:
---

I'm going to retest on my end and get back to you. It'll take a couple of days 
to be sure.

PS: If this was really caused by a server misconfiguration then Maven needs to 
be a lot more specific about what actually went wrong. The existing error 
message is extremely vague. There are no less than 4 different explanations 
out in the wild with strong community backing. It's not clear which, if any of 
them, is correct.

 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2013-01-19 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317616#comment-317616
]

Gili commented on MNG-5363:
---

NOTE: The workaround of downgrading to 3.0.3 is not really an option. Having
downgraded to 3.0.3 you will then run against this other major bug:
MRELEASE-742 and I'm sure there are others.

Please schedule this issue for an upcoming release.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2013-01-15 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317374#comment-317374
]

Gili commented on MNG-5363:
---

Is the component on this bug report correct? Shouldn't this be fixed against
Maven core or the release plugin?

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2013-01-15 Thread Robert Scholte (JIRA)


 [ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Scholte updated MNG-5363:


Priority: Critical  (was: Major)

 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
Priority: Critical

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2012-12-24 Thread Roberto Tyley (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316204#comment-316204
]

Roberto Tyley commented on MNG-5363:

I was getting this problem consistently with Maven 3.0.4 deploying a 14-module
project to oss.sonatype.org. Downgrading to Maven 3.0.3 and trying again worked
first time.

http://stackoverflow.com/a/13078665/438886 recommends adding
MAVEN_OPTS=-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true, but this
was not necessary for me - just the downgrade to Maven 3.0.3.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2012-12-23 Thread Hendy Irawan (JIRA)


[ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316181#comment-316181
 ] 

Hendy Irawan commented on MNG-5363:
---

+1...

 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2012-12-23 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316185#comment-316185
]

Gili commented on MNG-5363:
---

See
http://yuriytkach.blogspot.ca/2011/10/javaxnetsslsslexception-badrecordmac.html
for a related discussion.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2012-12-23 Thread Christian Schlichtherle (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316186#comment-316186
]

Christian Schlichtherle commented on MNG-5363:
--

I was using maven-release-plugin for some multi-module projects (TrueZIP,
TrueVFS etc) successfully in the past. At some point in time it stopped working
reliably however.

TrueVFS consists of more than twenty submodules. It's effectively impossible to
do a release:perform on this project because it almost always stops at any
random submodule due to this failure!

Pleaaase fix this showstopper.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2012-12-22 Thread Gili (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=316159#comment-316159
]

Gili commented on MNG-5363:
---

Please increase the priority of this problem. It is critical and should be
fixed ASAP.

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2012-12-19 Thread David Phillips (JIRA)


[ 
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=315972#comment-315972
 ] 

David Phillips commented on MNG-5363:
-

This also occurs with 3.0.3:

{noformat}
Apache Maven 3.0.3 (r1075438; 2011-02-28 09:31:09-0800)
Maven home: /usr/share/maven
Java version: 1.7.0_07, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_07.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: mac os x, version: 10.8.2, arch: x86_64, family: mac
{noformat}

 Regression for SSLv3
 

 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
 with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka

 When attempting to access a Maven repository which uses SSLv3, you get the 
 following error, javax.net.ssl.SSLException: Received fatal alert: 
 bad_record_mac.
 Earlier versions of Maven used java.net.URLConnection which respects the 
 https.protocols system property. This allowed us to set it to SSLv3, which is 
 what our Maven repository uses. However, HttpClient ignores that property. In 
 other situations, we programmatically tell HttpClient to use SSLv3, which we 
 cannot do from our end.
 You can find another person in the same situation here: 
 http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

2012-11-01 Thread Johannes Schneider (JIRA)

[
https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=312750#comment-312750
]

Johannes Schneider commented on MNG-5363:
-

This is a major problem.

A lot of guys are deploying to oss.sonatype.org these days.
The problem is well known and documented there:

https://support.sonatype.com/entries/22070546-deploy-fails-with-received-fatal-alert-bad-record-mac

Unfortunately this workaround does *not* work with Maven 3.0.4. Therefore
nobody is able to release multi module projects to oss.sonatype.org reliably.

I think this is a blocker

Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

2012-10-25 Thread James Kionka (JIRA)

James Kionka created MNG-5363:
-

 Summary: Regression for SSLv3
 Key: MNG-5363
 URL: https://jira.codehaus.org/browse/MNG-5363
 Project: Maven 2  3
  Issue Type: Bug
  Components: Errors
Affects Versions: 3.0.4
 Environment: Operation system independent, but tested on Macbook Pro 
with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka


When attempting to access a Maven repository which uses SSLv3, you get the 
following error, javax.net.ssl.SSLException: Received fatal alert: 
bad_record_mac.

Earlier versions of Maven used java.net.URLConnection which respects the 
https.protocols system property. This allowed us to set it to SSLv3, which is 
what our Maven repository uses. However, HttpClient ignores that property. In 
other situations, we programmatically tell HttpClient to use SSLv3, which we 
cannot do from our end.

You can find another person in the same situation here: 
http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

[jira] (MNG-5363) Regression for SSLv3

18 matches

Site Navigation

Mail list logo

Footer information