I had the same issue with OpenJDK 1.7.0 on CentOS 6.6. I had nss 3.16 and 
upgrading to nss 3.19 fixed the issue.


On Thursday, 11 June 2015 16:08:46 UTC+1, Ari LiVigni wrote:
>
> I am having an issue with Java 1.7 and using self-signed cert it works 
> with Java 1.6 and an official certificate but in some cases we have test 
> Jenkins where we self sign.
>
> Is there a setting in the jenkins config to get around this issue? 
>  Something that can be done with Jetty?
>
> Here are exceptions from the jenkins log and the cli
>
> https://paste.fedoraproject.org/231148/
>
> Exception from Jenkins Log:
>
> Jun 10, 2015 6:06:21 PM org.eclipse.jetty.util.log.JavaUtilLog warn
> WARNING: handle failed
> java.lang.RuntimeException: java.security.KeyException
>       at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1333)
>       at 
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
>       at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799)
>       at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767)
>       at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>       at org.eclipse.jetty.io.nio.SslConnection.unwrap(SslConnection.java:536)
>       at 
> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:401)
>       at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:193)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
>       at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.ProviderException: java.security.KeyException
>       at 
> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)
>       at 
> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:687)
>       at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
>       at 
> sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1316)
>       at 
> sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1115)
>       at 
> sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:942)
>       at 
> sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:675)
>       at 
> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213)
>       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
>       at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
>       at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
>       at 
> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:375)
>       at 
> org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:48)
>       at 
> org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.fill(SslConnection.java:678)
>       at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:1044)
>       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:280)
>       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
>       at 
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>       at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
>       ... 6 more
> Caused by: java.security.KeyException
>       at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
>       at 
> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126)
>       ... 26 more
>
>
> Exception from CLI:
> [root@java16-master-jenkins-https-new ~]# java -jar jenkins-cli.jar -s 
> https://localhost -noCertificateCheck help
> Skipping HTTPS certificate checks altogether. Note that this is not secure at 
> all.
> Exception in thread "main" java.io.IOException: Failed to connect to 
> https://localhost/
>       at hudson.cli.CLI.getCliTcpPort(CLI.java:271)
>       at hudson.cli.CLI.<init>(CLI.java:126)
>       at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
>       at hudson.cli.CLI._main(CLI.java:471)
>       at hudson.cli.CLI.main(CLI.java:387)
>       Suppressed: javax.net.ssl.SSLHandshakeException: Remote host closed 
> connection during handshake
>               at 
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
>               at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>               at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
>               at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
>               at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
>               at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>               at 
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
>               at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
>               at 
> hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:77)
>               at hudson.cli.CLI.connectViaHttp(CLI.java:156)
>               at hudson.cli.CLI.<init>(CLI.java:130)
>               ... 3 more
>       Caused by: java.io.EOFException: SSL peer shut down incorrectly
>               at sun.security.ssl.InputRecord.read(InputRecord.java:482)
>               at 
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
>               ... 13 more
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection 
> during handshake
>       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
>       at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>       at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
>       at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
>       at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
>       at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>       at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
>       at hudson.cli.CLI.getCliTcpPort(CLI.java:269)
>       ... 4 more
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>       at sun.security.ssl.InputRecord.read(InputRecord.java:482)
>       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
>       ... 11 more
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/bf796d69-a4d7-4888-a8b3-61713c191f43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to