+1 ! This post saved me hours of troubleshooting. I had a similar problem on CentOS 6.5 and NSS 3.15 - I was using the Github Authenticator plugin for Global Security on Jenkins and had this exception - Upgrading NSS to 3.19 solved the problem.
On Monday, December 21, 2015 at 11:38:47 PM UTC-8, Michael Massey wrote: > > I had the same issue with OpenJDK 1.7.0 on CentOS 6.5. Upgrading to nss > 3.19 fixed the issue. > Thanks for the inputs everyone. Thanks Lukasz. > > On Tuesday, October 27, 2015 at 7:50:02 PM UTC+5:30, Łukasz Korzybski > wrote: >> >> >> I had the same issue with OpenJDK 1.7.0 on CentOS 6.6. I had nss 3.16 and >> upgrading to nss 3.19 fixed the issue. >> >> >> On Thursday, 11 June 2015 16:08:46 UTC+1, Ari LiVigni wrote: >>> >>> I am having an issue with Java 1.7 and using self-signed cert it works >>> with Java 1.6 and an official certificate but in some cases we have test >>> Jenkins where we self sign. >>> >>> Is there a setting in the jenkins config to get around this issue? >>> Something that can be done with Jetty? >>> >>> Here are exceptions from the jenkins log and the cli >>> >>> https://paste.fedoraproject.org/231148/ >>> >>> Exception from Jenkins Log: >>> >>> Jun 10, 2015 6:06:21 PM org.eclipse.jetty.util.log.JavaUtilLog warn >>> WARNING: handle failed >>> java.lang.RuntimeException: java.security.KeyException >>> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1333) >>> at >>> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) >>> at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) >>> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) >>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) >>> at org.eclipse.jetty.io.nio.SslConnection.unwrap(SslConnection.java:536) >>> at >>> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:401) >>> at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:193) >>> at >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) >>> at >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) >>> at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>> at java.lang.Thread.run(Thread.java:745) >>> Caused by: java.security.ProviderException: java.security.KeyException >>> at >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146) >>> at >>> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:687) >>> at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63) >>> at >>> sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1316) >>> at >>> sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1115) >>> at >>> sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:942) >>> at >>> sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:675) >>> at >>> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213) >>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) >>> at >>> org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:375) >>> at >>> org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:48) >>> at >>> org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.fill(SslConnection.java:678) >>> at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:1044) >>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:280) >>> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) >>> at >>> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) >>> at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) >>> ... 6 more >>> Caused by: java.security.KeyException >>> at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) >>> at >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126) >>> ... 26 more >>> >>> >>> Exception from CLI: >>> [root@java16-master-jenkins-https-new ~]# java -jar jenkins-cli.jar -s >>> https://localhost -noCertificateCheck help >>> Skipping HTTPS certificate checks altogether. Note that this is not secure >>> at all. >>> Exception in thread "main" java.io.IOException: Failed to connect to >>> https://localhost/ >>> at hudson.cli.CLI.getCliTcpPort(CLI.java:271) >>> at hudson.cli.CLI.<init>(CLI.java:126) >>> at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72) >>> at hudson.cli.CLI._main(CLI.java:471) >>> at hudson.cli.CLI.main(CLI.java:387) >>> Suppressed: javax.net.ssl.SSLHandshakeException: Remote host closed >>> connection during handshake >>> at >>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) >>> at >>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >>> at >>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) >>> at >>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) >>> at >>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) >>> at >>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) >>> at >>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092) >>> at >>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) >>> at >>> hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:77) >>> at hudson.cli.CLI.connectViaHttp(CLI.java:156) >>> at hudson.cli.CLI.<init>(CLI.java:130) >>> ... 3 more >>> Caused by: java.io.EOFException: SSL peer shut down incorrectly >>> at sun.security.ssl.InputRecord.read(InputRecord.java:482) >>> at >>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) >>> ... 13 more >>> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed >>> connection during handshake >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953) >>> at >>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >>> at >>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) >>> at >>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) >>> at >>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) >>> at >>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) >>> at >>> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) >>> at hudson.cli.CLI.getCliTcpPort(CLI.java:269) >>> ... 4 more >>> Caused by: java.io.EOFException: SSL peer shut down incorrectly >>> at sun.security.ssl.InputRecord.read(InputRecord.java:482) >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934) >>> ... 11 more >>> >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/75c7233e-eff5-4217-9540-b9f066b14a9a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
