Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53029

Does anyone know if Jenkins supports IBM J9 plus TLSv1.2 ?

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      Previously I used Jenkins+Oracle JRE 1.8, it works with TLSv1.2, but when I run the Jenkins jobs from UCD, it shows the java version is not compatible. So I switched java to IBM J9 JRE 1.8, generated and imported the certificate on Jenkins keystore and java keystore. The jenkins can be started with the argument "--httpsKeyManagerType=IbmX509", but the SSL (TLSv1.2) is not working , so the https url cannot be accessed.

      Below is some error information from Jenkins server command:
      openssl s_client -connect my_jenkins_host :8443
      CONNECTED(00000003)
      140241296922440:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:

      no peer certificate available

      No client certificate CA names sent

      SSL handshake has read 7 bytes and written 247 bytes

      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE

      java -jar jenkins-cli.jar -s https://my_jenkins_host:8443 build df_test -s -v --username me_admin --password tivoli4u
      javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
      at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
      at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:100)
      at hudson.cli.CLI.plainHttpConnection(CLI.java:652)
      at hudson.cli.CLI._main(CLI.java:612)
      at hudson.cli.CLI.main(CLI.java:426)

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Technically it does. Practically - not sure about this particular issue

          Show
          oleg_nenashev Oleg Nenashev added a comment - Technically it does. Practically - not sure about this particular issue
          Hide
          jackybie2028 Jacky Bie added a comment -

          Oleg Nenashev Thanks for your comments ! Do you have any suggestion on how to fix this issue ?

          Show
          jackybie2028 Jacky Bie added a comment - Oleg Nenashev Thanks for your comments ! Do you have any suggestion on how to fix this issue ?
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          For starters, which versions of Jwnkins CLI and Jenkins do you use?

          Show
          oleg_nenashev Oleg Nenashev added a comment - For starters, which versions of Jwnkins CLI and Jenkins do you use?
          Hide
          jackybie2028 Jacky Bie added a comment -

          Hello Oleg,

          The Jenkins version we used is: 2.121.1

          Show
          jackybie2028 Jacky Bie added a comment - Hello Oleg, The Jenkins version we used is: 2.121.1
          Hide
          markewaite Mark Waite added a comment -

          Wouldn't it be better to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK? That will avoid you being on the "cutting edge" of determining all the ways that the IBM J9 JDK surprises Jenkins.

          Show
          markewaite Mark Waite added a comment - Wouldn't it be better to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK? That will avoid you being on the "cutting edge" of determining all the ways that the IBM J9 JDK surprises Jenkins.
          Hide
          jackybie2028 Jacky Bie added a comment -

          Could you please provide us the details on how to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK ? Thanks in advance !

          Show
          jackybie2028 Jacky Bie added a comment - Could you please provide us the details on how to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK ? Thanks in advance !
          Hide
          markewaite Mark Waite added a comment - - edited

          The jenkins.io documentation includes a tutorial that shows how to use a Docker image inside a Pipeline to access a specific tool (like Maven). If IBM J9 JDK is available as a Docker image, that tutorial might be one technique to do it.

          Another technique is to open "Manage Jenkins" -> "Global Tool Configuration" and press the "JDK" button. That opens a section of the UI so that you can provide a zip or tar.gz file that will be unpacked on the agent when a tool of that label is used by a Freestyle or Pipeline job. If IBM J9 is provided as a zip or tar.gz, you could use that technique. Unfortunately, I did not find a tutorial that shows the technique.

          Show
          markewaite Mark Waite added a comment - - edited The jenkins.io documentation includes a tutorial that shows how to use a Docker image inside a Pipeline to access a specific tool (like Maven). If IBM J9 JDK is available as a Docker image, that tutorial might be one technique to do it. Another technique is to open "Manage Jenkins" -> "Global Tool Configuration" and press the "JDK" button. That opens a section of the UI so that you can provide a zip or tar.gz file that will be unpacked on the agent when a tool of that label is used by a Freestyle or Pipeline job. If IBM J9 is provided as a zip or tar.gz, you could use that technique. Unfortunately, I did not find a tutorial that shows the technique.

            People

            • Assignee:
              Unassigned
              Reporter:
              jackybie2028 Jacky Bie
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: