JENKINS-60512

ssl connection error on el8 during p4sync

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: p4-plugin
    • Labels:
      None
    • Environment:
      OS for agent: RHEL8
      Jenkins version: 2.176.2
      p4 plugin version: 1.10.7

      Description

      We are trying to upgrade to RHEL 8.x Jenkins agents.

      We are encountering the following error:

      18:23:39 (p4):stop:10
      18:23:39 P4: builds: 335577
      18:24:56 P4: Connection retry: 1
      18:24:59 P4: Connection retry: 2
      18:24:59 P4: Connection retry: 3
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] }
      [Pipeline] // timestamps
      [Pipeline] End of Pipeline
      ERROR: P4: Task Exception: Error occurred during the SSL handshake: invalid SSL session

      The Jenkinsfile is:

      timestamps {
        node('brhel8') {
          p4sync credential: 'xxx.prod', populate: autoClean(delete: true), source: streamSource('//scratch_stream/main')
        }
      }

            Activity

            mrose Michael Rose added a comment -

            We were able to get this to work by running the following command on the agent:

            update-crypto-policies --set LEGACY

            Found in RHEL8 documentation
            https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security

            mrose Michael Rose added a comment -

            Paul Allen or Karl Wirth: Is there a better solution than rolling back security improvements in RHEL8?

            joel_brown Joel Brown added a comment - - edited

            You can force the p4 plugin (i.e., P4Java) connection to use a higher TLS version by starting your JVM (master and slaves) with

            -DsecureSocketEnabledProtocols=TLSv1.2

            Edit: For that to work, you need later versions of p4d server. I know the latest 18.2, 19.1, and 19.2 patch releases work.

            A bit more info here: https://community.perforce.com/s/article/2620
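
An added example, not from the issue or the p4-plugin project: a check that a `-DsecureSocketEnabledProtocols` pin is permitted by the host's current crypto policy, so the agent can stay off LEGACY. It assumes OpenJDK on RHEL 8 reads `/etc/crypto-policies/back-ends/java.config`; the function names and the sample policy file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): audit an agent's JVM TLS pin against the
# active crypto policy instead of switching the whole host to LEGACY.
# Assumption: OpenJDK reads the policy back-end file below on RHEL 8.
JAVA_POLICY_FILE="/etc/crypto-policies/back-ends/java.config"

# Constructed sample modelled on a DEFAULT-policy back-end file (not copied from a host).
write_sample_policy() {
  cat > "$1" <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=DH keySize < 2048, TLSv1.1, TLSv1, SSLv3, SSLv2, DHE_DSS, RC4_128
jdk.tls.legacyAlgorithms=
EOF
}

# Print the protocol versions listed in jdk.tls.disabledAlgorithms, one per line.
disabled_tls_protocols() {
  grep -E '^[[:space:]]*jdk\.tls\.disabledAlgorithms[[:space:]]*=' "$1" |
    cut -d= -f2- | tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^(SSLv[0-9]+(Hello)?|TLSv[0-9]+(\.[0-9]+)?)$'
}

# Extract the value of the last -DsecureSocketEnabledProtocols= in a JVM argument string.
pinned_protocol() {
  printf '%s\n' "$1" | tr ' ' '\n' |
    sed -n 's/^-DsecureSocketEnabledProtocols=//p' | tail -n 1
}

# Verdict: OK <proto> (0), BLOCKED <proto> (1), UNPINNED (2), NO_POLICY_FILE (3).
# OK only means the local policy permits the pin; the p4d server must still offer it.
check_agent() {
  ca_pin="$(pinned_protocol "$2")"
  if [ ! -r "$1" ]; then echo "NO_POLICY_FILE"; return 3; fi
  if [ -z "$ca_pin" ]; then echo "UNPINNED"; return 2; fi
  if disabled_tls_protocols "$1" | grep -qxF "$ca_pin"; then
    echo "BLOCKED $ca_pin"; return 1
  fi
  echo "OK $ca_pin"
}

# Live use: ./check.sh --live "<agent JVM arguments>"
if [ "${1:-}" = "--live" ]; then
  check_agent "$JAVA_POLICY_FILE" "${2:-}"
fi
```

A `BLOCKED` verdict means the pinned version is one the policy disables, which would fail the handshake regardless of the p4d release.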


              People

              • Assignee:
                Unassigned
                Reporter:
                mrose Michael Rose