Hello everyone, I've inherited a project using GoCD v18.9.0 with agents running on Windows Server. Our security team has asked us to disable TLS v1.0 and v1.1 on the servers; however, when we do so, the agent returns the following error when attempting a deployment:

- Error: Could not complete the request to remote agent URL 'https://127.0.0.1:8172/msdeploy.axd?site=RL-Dev'.
- Error: The request was aborted: Could not create SSL/TLS secure channel.
- Error count: 1.

Looking at the 18.9 documentation <https://docs.gocd.org/18.9.0/installation/ssl_tls/setting_up_ciphers.html>, TLS v1.2 should be the default. I'm also not seeing any overriding configuration in our files.

When I do try to override and force TLSv1.2 via:

    wrapper.java.additional.2="-Dgo.ssl.agent.protocol='TLSv1.2'"

we get the following error in the go-agent-launcher.log file:

    ERROR [WrapperJarAppMain] ServerBinaryDownloader:80 - Couldn't update admin/agent-launcher.jar. Sleeping for 1m. Error:
    java.security.NoSuchAlgorithmException: 'TLSv1.2' SSLContext not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
        at org.apache.http.ssl.SSLContextBuilder.build(SSLContextBuilder.java:389)
        at com.thoughtworks.go.agent.common.ssl.GoAgentServerHttpClientBuilder.build(GoAgentServerHttpClientBuilder.java:68)
        at com.thoughtworks.go.agent.launcher.ServerBinaryDownloader.fetchUpdateCheckHeaders(ServerBinaryDownloader.java:95)
        at com.thoughtworks.go.agent.launcher.ServerBinaryDownloader.downloadIfNecessary(ServerBinaryDownloader.java:72)
        at com.thoughtworks.go.agent.launcher.AgentLauncherImpl.doLaunch(AgentLauncherImpl.java:90)
        at com.thoughtworks.go.agent.launcher.AgentLauncherImpl.lambda$launch$0(AgentLauncherImpl.java:68)
        at com.thoughtworks.go.logging.LogConfigurator.runWithLogger(LogConfigurator.java:62)
        at com.thoughtworks.go.agent.launcher.AgentLauncherImpl.launch(AgentLauncherImpl.java:68)
        at com.thoughtworks.go.agent.bootstrapper.AgentBootstrapper.go(AgentBootstrapper.java:79)
        at com.thoughtworks.go.agent.bootstrapper.AgentBootstrapper.lambda$main$0(AgentBootstrapper.java:60)
        at com.thoughtworks.go.logging.LogConfigurator.runWithLogger(LogConfigurator.java:53)
        at com.thoughtworks.go.agent.bootstrapper.AgentBootstrapper.main(AgentBootstrapper.java:60)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.thoughtworks.gocd.Boot.run(Boot.java:111)
        at com.thoughtworks.gocd.Boot.main(Boot.java:57)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.tanukisoftware.wrapper.WrapperJarApp.run(WrapperJarApp.java:427)
        at java.lang.Thread.run(Thread.java:745)

Checking the Java version:

    C:\Go Agent\jre\bin>java -version
    java version "1.8.0_102"
    Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
    Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)

We've also tried adding "-Dhttps.protocols=TLSv1.2" in the startup parameters, but that doesn't help (or throw any errors) either.

When we re-enable TLS v1.0 and v1.1, then deployment is successful again. Any ideas as to why TLSv1.2 isn't working in this case?
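
A diagnostic for the NoSuchAlgorithmException in the log above, as an added example that is not part of the original post or of GoCD: it lists the TLS protocols the JVM supports and enables, then passes the value of go.ssl.agent.protocol to SSLContext.getInstance exactly as the JVM received it, followed by the same value with surrounding quote characters removed. The class name TlsProtocolCheck and the fallback sample value are constructed for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

public class TlsProtocolCheck {

    // Returns null when the JVM can provide an SSLContext for this exact name,
    // otherwise the provider's error message.
    static String tryProtocol(String name) {
        try {
            SSLContext.getInstance(name);
            return null;
        } catch (NoSuchAlgorithmException e) {
            return e.getMessage();
        }
    }

    // Removes leading/trailing single or double quotes left over from config quoting.
    static String stripQuotes(String value) {
        return value.trim().replaceAll("^['\"]+|['\"]+$", "");
    }

    static void report(String label, String name) {
        String err = tryProtocol(name);
        System.out.println(label + " [" + name + "] -> "
                + (err == null ? "SSLContext available" : "FAILED: " + err));
    }

    public static void main(String[] args) throws Exception {
        SSLContext def = SSLContext.getDefault();
        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("supported protocols: "
                + Arrays.toString(def.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default : "
                + Arrays.toString(def.getDefaultSSLParameters().getProtocols()));

        // Property name is from the post; the fallback is a constructed sample
        // that mirrors the quoted value in the posted wrapper line.
        String raw = System.getProperty("go.ssl.agent.protocol", "'TLSv1.2'");

        // Brackets make stray quote characters in the value visible.
        report("as received", raw);
        report("quotes removed", stripQuotes(raw));
    }
}
```

Compile and run it with the same JRE the agent uses, passing the property the same way the wrapper configuration does, so the check reflects what the agent's JVM actually sees.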
