RTC / Jenkins connection over SSL
We have new Jenkins install (1.587) with the 1.1.9 team concert plugin. We are using an RTC server which is at level 4.0.6 (I do not administer the RTC server).
I have Jenkins working fine over SSL - it's just a basic installation using Winstone (no Apache, Tomcat etc). I can configure a job in Jenkins and validate the RTC Build definition (so there is some communication that works) but I can't get the Jenkins Build Engine working in RTC. This fails when I try the connection test:
The error is: Connection test requested.
Connecting to: https://aegir.ssd.hursley.ibm.com:9445
Exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? Test connection FAILED!
This looks similar to https://jazz.net/forum/questions/163603/how-to-create-rtc-build-engine-with-jenkins-using-ssl but I think that Dan had already got further than I have.
I suspect I have done/not done something obvious, can anyone see what it is?
5 answers
curl -k --SSLv2 --request GET 'https://aegir.ssd.hursley.ibm.com:9445'
curl: (35) SSL connect error
curl -k --SSLv3 --request GET 'https://aegir.ssd.hursley.ibm.com:9445'
curl: (35) SSL connect error
curl -k --TLSv1 --request GET 'https://aegir.ssd.hursley.ibm.com:9445'
..gets what looks like the Jenkins home page.
What protocol does RTC 4.0.6 use? Could the 'plain text response' just be the error message?
Comments
More slow progress. We fixed an issue with a firewall rule and got as far as this error from RTC:
Connection test requested.
Connecting to: https://aegir.ssd.hursley.ibm.com:9445
Exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake Test connection FAILED!
From memory this is identical to the problem linked to above.
Hi.
We are using (almost) latest Jenkins 1.592, on a Window r2008 V2 server, with builtin winstone web server, and Team concert Plugin 1.1.9. RTC Server is at 4.07, and we had this connection working for a couple a weeks until today, the https connection has stopped working. We get the "Exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake" message. We revert to http connection, and it is fine.
where is jenkins running? under tomcat or jetty?
Comments
where is your RTC running? Tomcat or Websphere? that is where the config has to be done.
see here
https://jazz.net/help-dev/clm/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/t_enable_tls1.2_was.html&scope=null
Thanks Sam - unfortunately I don't have any access to the RTC systems - they are run by a central DevOps group and all I can do is raise and issue with them and wait till they have time to look at it. I'm sure they know how to configure it.
https://issues.jenkins-ci.org/browse/JENKINS-25169. I have opened a helpdesk request in our location as well to see what security protocol RTC is using, and whether it can be changed..
we see the same issue on RTC 5.0.0 running on tomcat.
until Jenknis 1.584 the test connection on the build engine dialog returns
Connection test requested.
Connecting to: https://xyz:9443/
Found header: X-Jenkins - 1.584
Found header: X-Hudson - 1.395
Test connection SUCCESSFUL!
with Jenknis 1.585 the result is
Connection test requested.
Connecting to: https://xyz:9443/
Exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake Test connection FAILED!
comparing the Jenkins 1.584 and 1.585 startup log
1.584:
INFO: Enabled Protocols [SSLv2Hello, SSLv3, TLSv1] of [SSLv2Hello, SSLv3, TLSv1]
1.585:
INFO: Enabled Protocols [TLSv1] of [SSLv2Hello, SSLv3, TLSv1]
it looks like Jenkins 1.585 and later only supports TLSv1.
Is there a description how to configure RTC 5.0.0 for TLSv1?
Thanx, Steffen