Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Disabling SSLv3 JIRA 6.2.7

FabienA
FabienA March 12, 2015

Hi,

I follow the documentation https://confluence.atlassian.com/display/JIRA/How+To+Disable+SSLv3+to+Mitigate+Against+POODLE+Exploit+for+JIRA to disable the SSLv3 because of poodle fail.

But when I restart my JIRA I get in my catalina.out the following issues:

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-444"]
java.io.IOException: TLSv1,TLSv1.1 SSLContext not available
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:394)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: java.security.NoSuchAlgorithmException: TLSv1,TLSv1.1 SSLContext not available
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at javax.net.ssl.SSLContext.getInstance(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433)
    ... 19 more

Mar 12, 2015 4:50:57 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-444]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-444]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
Caused by: java.io.IOException: TLSv1,TLSv1.1 SSLContext not available
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:394)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    ... 13 more
Caused by: java.security.NoSuchAlgorithmException: TLSv1,TLSv1.1 SSLContext not available
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at javax.net.ssl.SSLContext.getInstance(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433)
    ... 19 more

Mar 12, 2015 4:50:57 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 992 ms
Mar 12, 2015 4:50:57 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Mar 12, 2015 4:50:57 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
2015-03-12 16:51:07,019 localhost-startStop-1 INFO      [atlassian.jira.startup.JiraStartupLogger]

 

And JIRA is unavailable then.

Please thanks to advise.

Best.

 

Answer
Watch
Like Be the first to like this
937 views

6 answers

0 votes
FabienA
FabienA March 13, 2015

Hi thanks for your feedback. Unfortunately I can't test from outside, it's an internal use.

Reply
0 votes
David Di Blasio
David Di Blasio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 13, 2015

Hi Fabien,

I get the same type of results when I test as well. Try testing your site with https://www.ssllabs.com/ssltest/ and see what your results look like. 

Reply
0 votes
FabienA
FabienA March 13, 2015

I made the modifications you provided. I haven't the warning message. And now when i test for vulnerability I do:

openssl s_client -connect myserver:8443 -ssl3

and get:

CONNECTED(00000003)
140010307163976:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1426258928
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Is it ok to stop the POODLE vulnerability?

 

 

Reply
0 votes
David Di Blasio
David Di Blasio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 13, 2015

Hi Fabien, 

I did a bunch of testing and was able to get this to work with the following example connector:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="jira" keystoreFile="jira.jks" keystorePass="xxxxx" keystoreType="JKS" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" useBodyEncodingForURI="true"/>

Try modifying this with your keystore information and see if you can connect on port 8443.

Reply
0 votes
FabienA
FabienA March 12, 2015

Hi I'just checked that I forget to add the "s" to sslProtocols

I added it but now I get in my catalinat.out:

Mar 12, 2015 9:31:49 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Mar 12, 2015 9:31:49 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
Mar 12, 2015 9:31:49 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.
Mar 12, 2015 9:31:49 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-444"]
Mar 12, 2015 9:31:50 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1026 ms
Mar 12, 2015 9:31:50 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Mar 12, 2015 9:31:50 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
2015-03-12 21:31:59,051 localhost-startStop-1 INFO      [atlassian.jira.startup.JiraStartupLogger]

Reply
0 votes
David Di Blasio
David Di Blasio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 12, 2015

Hi Fabien, 

Can you share your server.xml with us so we can get a better sense of what you config looks like? You'll want to make sure you remove your keystore password. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.