Bug
Resolution: Unresolved
Minor
None
Jenkins: 1.583
Server: Windows Server 2013 R2
container: jetty
Installed: as a service
Web browser: IE10, Firefox 32.0
JAVA: Oracle JRE 1.7.0_60
I'm running Jenkins directly (via jetty) and have a problem with an SSL connection. I have a signed Jenkins.crt certificate.
I've imported it into the keystore with the following command:
keytool -keystore keystore -import -alias jetty -file Jenkins.crt -trustcacerts
In jenkins.xml I use the created keystore:
--httpsKeyStore="keystore" --httpsKeyStorePassword="xxx" --httpPort=8080 --httpsPort=443
Unfortunately the SSL connection doesn't work, whereas it works fine with http.
IE shows the error message 'This page can't be displayed' and Firefox complains as well: 'The connection was interrupted'.
Jenkins doesn't show any valuable information in the jenkins.err.log file:
INFO: Loaded all jobs
Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh
INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy
Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory
INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@5962f7ac]: org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f
Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7123f24f: defining beans [authenticationManager]; root of factory hierarchy
Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext prepareRefresh
INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@7f02e185: display name [Root WebApplicationContext]; startup date [Fri Nov 14 14:36:29 CET 2014]; root of context hierarchy
Nov 14, 2014 2:36:29 PM org.springframework.web.context.support.StaticWebApplicationContext obtainFreshBeanFactory
INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@7f02e185]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba
Nov 14, 2014 2:36:29 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1ffbb0ba: defining beans [filter,legacy]; root of factory hierarchy
It looks like some error with SSL in Jenkins.
I've tried to investigate it a little bit, and I saw that the connection doesn't work with TLS1:
>openssl s_client -connect 1.2.3.4:443 -state -debug -prexit
Loading 'screen' into random state - done
CONNECTED(00000154)
SSL_connect:before/connect initialization
write to 0x1f21d90 [0x1f21dd8] (108 bytes => 108 (0x6C))
0000 - 80 6a 01 03 01 00 51 00-00 00 10 00 00 39 00 00 .j....Q......9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 51 bc 7a 43 ............Q.zC
0060 - 23 10 48 4d 7a 4f 21 72-9c 4b a8 30 #.HMzO!r.K.0
SSL_connect:SSLv2/v3 write client hello A
read from 0x1f21d90 [0x1f27338] (7 bytes => 0 (0x0))
7944:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.c:188:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 108 bytes
---
New, (NONE), Cipher is (NONE)
Compression: NONE
Expansion: NONE
With DTLS1 a different error occurs:
openssl s_client -connect 1.2.3.4:443 -dtls1 -prexit
Loading 'screen' into random state - done
CONNECTED(000001DC)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : unknown
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Start Time: 1415973203
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
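
The `keytool -import ... -file Jenkins.crt` command in the report stores a certificate; in a keystore with no existing key pair under that alias this yields a `trustedCertEntry`, whereas an HTTPS listener needs a `PrivateKeyEntry` (private key plus chain), so the entry type is worth checking. The following is an added example, not part of the original report or of Jenkins: it parses `keytool -list -keystore keystore` output, both sample listings are constructed, and the function names are hypothetical.

```python
import re

# Entry types that `keytool -list` prints after the alias and creation date.
ENTRY_RE = re.compile(
    r"^(?P<alias>.+?), .*?"
    r"(?P<type>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$"
)

def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list -keystore <file>` output."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias")] = m.group("type")
    return entries

def can_serve_tls(listing):
    """True only if some alias holds a private key with its certificate chain."""
    return "PrivateKeyEntry" in keystore_entries(listing).values()

# Constructed sample: a fresh keystore after only
# `keytool -import -alias jetty -file Jenkins.crt` (fingerprint is a placeholder).
CERT_ONLY = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

jetty, Nov 14, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""

# Constructed sample: the alias held a key pair before the signed
# certificate was imported, so the private key is present.
WITH_KEY = CERT_ONLY.replace("trustedCertEntry", "PrivateKeyEntry")

if __name__ == "__main__":
    for name, listing in (("cert only", CERT_ONLY), ("with key", WITH_KEY)):
        print(name, keystore_entries(listing),
              "usable for HTTPS:", can_serve_tls(listing))
```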