  1. Jenkins
  2. JENKINS-25619

The connection was interrupted - issue with TLS


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • Component: core
    • Labels: None
    • Jenkins: 1.583
      Server: Windows Server 2013 R2
      container: jetty
      Installed: as a service
      Web browser: IE10, Firefox 32.0
      JAVA: Oracle JRE 1.7.0_60

      I'm running Jenkins directly (via jetty) and have a problem with an SSL connection. I have a signed Jenkins.crt certificate.
      I've imported it into a keystore with the following command:

      keytool -keystore keystore -import -alias jetty -file Jenkins.crt -trustcacerts
      

      In jenkins.xml I use the created keystore:

      --httpsKeyStore="keystore" --httpsKeyStorePassword="xxx" --httpPort=8080 --httpsPort=443
      

      Unfortunately the SSL connection doesn't work, although it works fine with HTTP.
      IE shows the error message 'This page can't be displayed' and Firefox complains as well: 'The connection was interrupted'.

      Jenkins doesn't show any useful information in the jenkins.err.log file:

      INFO: Loaded all jobs
      Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh
      INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy
      Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory
      INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac]: org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f
      Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
      INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f: defining beans [authenticationManager]; root of factory hierarchy
      Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh
      INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@7f02e185: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy
      Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory
      INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@7f02e185]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba
      Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
      INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba: defining beans [filter,legacy]; root of factory hierarchy
      

      It looks like an error with SSL in Jenkins.
      I've tried to investigate it a little bit, and I saw that the connection doesn't work with TLS1:

      >openssl s_client   -connect 1.2.3.4:443 -state -debug -prexit
      Loading 'screen' into random state - done
      CONNECTED(00000154)
      SSL_connect:before/connect initialization
      write to 0x1f21d90 [0x1f21dd8] (108 bytes => 108 (0x6C))
      0000 - 80 6a 01 03 01 00 51 00-00 00 10 00 00 39 00 00   .j....Q......9..
      0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
      0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......
      0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   ................
      0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
      0050 - 00 00 06 04 00 80 00 00-03 02 00 80 51 bc 7a 43   ............Q.zC
      0060 - 23 10 48 4d 7a 4f 21 72-9c 4b a8 30               #.HMzO!r.K.0
      SSL_connect:SSLv2/v3 write client hello A
      read from 0x1f21d90 [0x1f27338] (7 bytes => 0 (0x0))
      7944:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.c:188:
      ---
      no peer certificate available
      ---
      No client certificate CA names sent
      ---
      SSL handshake has read 0 bytes and written 108 bytes
      ---
      New, (NONE), Cipher is (NONE)
      Compression: NONE
      Expansion: NONE
      

      With DTLS1 a different error occurs:

      openssl s_client   -connect 1.2.3.4:443 -dtls1 -prexit
      Loading 'screen' into random state - done
      CONNECTED(000001DC)
      write:errno=10054
      ---
      no peer certificate available
      ---
      No client certificate CA names sent
      ---
      SSL handshake has read 0 bytes and written 0 bytes
      ---
      New, (NONE), Cipher is (NONE)
      Compression: NONE
      Expansion: NONE
      SSL-Session:
          Protocol  : unknown
          Cipher    : 0000
          Session-ID:
          Session-ID-ctx:
          Master-Key:
          Key-Arg   : None
          Start Time: 1415973203
          Timeout   : 7200 (sec)
          Verify return code: 0 (ok)
      ---
      

            Assignee: Unassigned
            Reporter: pawelgrz Pawel Grzegrzolka
            Votes: 0
            Watchers: 3
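
A check that fits the keystore step in the report, added here as an example and not part of the original issue or of Jenkins: `keytool -import` of a certificate under an alias that has no existing key pair stores a `trustedCertEntry`, while an HTTPS listener needs a `PrivateKeyEntry` (private key plus chain) to complete a handshake. The function names and the sample `keytool -list` listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output on stdin.
# The sample listings below are constructed, not taken from the issue.

SAMPLE_CERT_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

jetty, Nov 14, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)'

SAMPLE_WITH_KEY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

jetty, 14.11.2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)'

# Print the entry type of alias $1, or "missing" if the alias is not listed.
# keytool prints "<alias>, <date>, <type>,"; the date may itself contain a
# comma (locale dependent), so the type is taken from the end of the line.
keystore_entry_type() {
    awk -v want="$1" 'BEGIN { FS = ", *" }
        NF >= 3 && tolower($1) == tolower(want) {
            t = $NF; if (t == "") t = $(NF - 1)
            print t; found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# Return 0 only if alias $1 can act as a TLS server identity.
check_https_keystore() {
    etype=$(keystore_entry_type "$1")
    case $etype in
        PrivateKeyEntry)  echo "ok: $1 holds a private key and chain"; return 0 ;;
        trustedCertEntry) echo "fail: $1 is a certificate only, no private key"; return 1 ;;
        missing)          echo "fail: alias $1 not found"; return 2 ;;
        *)                echo "fail: $1 has unexpected type $etype"; return 3 ;;
    esac
}

# Demo on the constructed listings; real use:
#   keytool -list -keystore keystore -storepass xxx | check_https_keystore jetty
printf '%s\n' "$SAMPLE_CERT_ONLY" | check_https_keystore jetty || true
printf '%s\n' "$SAMPLE_WITH_KEY"  | check_https_keystore jetty || true
```

If the alias was first created with a key pair and the signed certificate was imported as the reply to its CSR, the listing shows `PrivateKeyEntry` and the check passes.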