Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problem with SSL with Jira after upgrade from 8.0 to 8.1

JFDionne
JFDionne April 12, 2019

Hi, my ssl connection no longer work after I upgrade from 8.0 to 8.1, I got those errors:

12-Apr-2019 19:29:23.203 SEVERE [https-openssl-nio-8443-exec-8] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method)
at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021)
at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1475)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

 

I have double check all my config for my ssl certificat but I still have same error.

there my connector:

<Connector
SSLEnabled="true"
acceptCount="100"
clientAuth="false"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
keyAlias="jira"
keystoreFile="/opt/atlassian/jira.jks"
keystorePass="...."
keystoreType="JKS"
maxHttpHeaderSize="8192"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https"
secure="true"
sslProtocol="TLS"
useBodyEncodingForURI="true"/>

 

and some logs from catalina.out:

12-Apr-2019 19:34:57.108 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
12-Apr-2019 19:34:57.111 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.35
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Nov 3 2018 17:39:20 UTC
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.35.0
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.10.0-957.10.1.el7.x86_64
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /opt/atlassian/jira/jre
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_181-b13
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
12-Apr-2019 19:34:57.112 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /opt/atlassian/jira
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /opt/atlassian/jira
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms484m
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx2048m
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:InitialCodeCacheSize=32m
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:ReservedCodeCacheSize=512m
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Datlassian.standalone=JIRA
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
12-Apr-2019 19:34:57.113 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dmail.mime.decodeparameters=true
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:-OmitStackTraceInFastThrow
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.locale.providers=COMPAT
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Datlassian.plugins.startup.options=
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xloggc:/opt/atlassian/jira/logs/atlassian-jira-gc-%t.log
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseGCLogFileRotation
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:NumberOfGCLogFiles=5
12-Apr-2019 19:34:57.114 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:GCLogFileSize=20M
12-Apr-2019 19:34:57.115 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCDetails
12-Apr-2019 19:34:57.115 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCDateStamps
12-Apr-2019 19:34:57.115 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCTimeStamps
12-Apr-2019 19:34:57.115 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCCause
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/atlassian/jira
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/atlassian/jira
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/opt/atlassian/jira/temp
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version [1.2.17] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.18]
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.4.8].
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
12-Apr-2019 19:34:57.116 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
12-Apr-2019 19:34:57.119 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2k-fips 26 Jan 2017]
12-Apr-2019 19:34:57.263 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
12-Apr-2019 19:34:57.269 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
12-Apr-2019 19:34:57.462 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
12-Apr-2019 19:34:57.465 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 717 ms
12-Apr-2019 19:34:57.476 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
12-Apr-2019 19:34:57.476 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.35

 

My certificate is still valid and was working fine just before I upgrade, someone have any idea? 

 

Edit:

It seem 8.1 use tomcat version 8.5.35 and 8.0 was using 8.5.32, if I copy the lib/tomcat-* from 8.5.32 over the new version it's working, but I'm not sure what I'll broke by doing that.

 

Answer
Watch
Like Be the first to like this
2354 views

3 answers

1 vote
Frank Steiner
Frank Steiner
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 18, 2019

I could solve it by upgrading the tomcat native library to 1.2.21.

Reply
0 votes
Frank Steiner
Frank Steiner
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 18, 2019

Same problem here after we upgraded from 7.13.1 to 8.2.3. I seems to be related to the tomcat-native library (libtcnative-1.so). If we remove it, jira SSL works. Unfortunately we need it for other apps, sot that's not a solution. Looks like a bug in several tomcat versions, see also https://bugzilla.redhat.com/show_bug.cgi?id=1690651

 

cu,

Frank

Reply
0 votes
Gonchik Tsymzhitov
Gonchik Tsymzhitov
Community Champion
April 12, 2019

Hi! 

Could you change protocol="HTTP/1.1" instead of protocol="org.apache.coyote.http11.Http11NioProtocol", please? 

View More Comments
JFDionne
JFDionne April 12, 2019

Hi, I just try, and I got the same error (I restored the lib directory)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.