-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins 1.580.1
JRE 1.7
P4 plugin 1.0.23
Ubuntu 12.04
I am looking for central configuration for all p4 variables and using credentials plugin to provide all the values.
When I click on 'Test Connection' it gives me this error.
Unable to connect to: p4javassl://10.219.131.157:1666
Error occurred during the SSL handshake: invalid SSL session
Can you please suggest?
Thanks in advance
Manohar
[JENKINS-26176] P4 plugin: Error Error occurred during the SSL handshake: invalid SSL session
Emanuele Russo
added a comment - Hi,
even if you say that JRE 1.8.0_261 (build 1.8.0_261) is the only one installed in your machine, I suggest you to double check the folder 'jre' in your %USERPROFILE%\.jenkins folder. I just upgraded to your very same version and I verified that inside my jenkins installation there is a folder named 'jre' whose file named 'release' says the version is 1.8.0_144, not 261 .
So if this is the case for you as well you have to install the policies inside that folder.
Hope that helps
Emanuele Russo
added a comment - Hi,
even if you say that JRE 1.8.0_261 (build 1.8.0_261) is the only one installed in your machine, I suggest you to double check the folder 'jre' in your %USERPROFILE%\.jenkins folder. I just upgraded to your very same version and I verified that inside my jenkins installation there is a folder named 'jre' whose file named 'release' says the version is 1.8.0_144, not 261 .
So if this is the case for you as well you have to install the policies inside that folder.
Hope that helps 
Kevin Dethoor
added a comment - Hi Emanuele,
Thank you for the reply.
I just double-checked and I couldn't find any jre folder in my %USERPROFILE%\.jenkins... I'll keep searching for it. If it helps, I have also tried to ensure the JRE 1.8.0_261 is used by specifying it as my java executable in %USERPROFILE%\.jenkins\jenkins.xml _(it is set to _C:\Program Files\Java\jre1.8.0_261\bin\java.exe). As a result java.home appears as such in Jenkins' System Information page. However, it doesn't solve the connection issue...
Kevin Dethoor
added a comment - Hi Emanuele,
Thank you for the reply.
I just double-checked and I couldn't find any jre folder in my %USERPROFILE%\.jenkins ... I'll keep searching for it. If it helps, I have also tried to ensure the JRE 1.8.0_261 is used by specifying it as my java executable in %USERPROFILE%\.jenkins\jenkins.xml _( it is set to _C:\Program Files\Java\jre1.8.0_261\bin\java.exe ). As a result java.home appears as such in Jenkins' System Information page. However, it doesn't solve the connection issue... Emanuele Russo
added a comment - I tried as well to force the Java version as you did and got the same error. If you want to be 100% sure you may try to uninstall java from your PC completely.
If jenkins will be still working, as I expect, that means that it's not using your jre, but its.
Emanuele Russo
added a comment - I tried as well to force the Java version as you did and got the same error. If you want to be 100% sure you may try to uninstall java from your PC completely.
If jenkins will be still working, as I expect, that means that it's not using your jre, but its. Kevin Dethoor
added a comment - Thanks a lot Emanuele, I hadn't thought of uninstalling my own Java installation to check for a local one in Jenkins. Unfortunately, after performing that step and canceling my changes in %USERPROFILE%\.jenkins\jenkins.xml, the Jenkins service does not start anymore (The Jenkins service could not be started. The service did not report an error_)._ I also performed some searches in the %USERPROFILE\.jenkins folder, but I could not find a jre directory or a java.exe executable file.
Since my last comment I also tried with a new installation of Jenkins (steps: installation of Java JRE 1.8.0_261 > download and launch of jenkins.war > installation of Jenkins as a service > installation of P4 plugin > test of SSL connection) on a clean machine, but the results were the same: no jre directory in %USERPROFILE%\.jenkins and same invalid SSL session error.
Kevin Dethoor
added a comment - Thanks a lot Emanuele, I hadn't thought of uninstalling my own Java installation to check for a local one in Jenkins. Unfortunately, after performing that step and canceling my changes in %USERPROFILE%\.jenkins\jenkins.xml , the Jenkins service does not start anymore (The Jenkins service could not be started. The service did not report an error_)._ I also performed some searches in the %USERPROFILE\.jenkins folder, but I could not find a jre directory or a java.exe executable file.
Since my last comment I also tried with a new installation of Jenkins (steps: installation of Java JRE 1.8.0_261 > download and launch of jenkins.war > installation of Jenkins as a service > installation of P4 plugin > test of SSL connection) on a clean machine, but the results were the same: no jre directory in %USERPROFILE%\.jenkins and same invalid SSL session error . Kevin Dethoor
added a comment - After downgrading both Jenkins (2.235.5 -> 2.235.1) and P4 Plugin (1.11.0 -> 1.10.4), I finally managed to establish an SSL connection to our server. Downgrading only one of them didn't work. My issue appears to be similar to this issue with Docker (JENKINS-63489).
Hope this helps and many thanks for the replies until now!
Kevin Dethoor
added a comment - After downgrading both Jenkins (2.235.5 -> 2.235.1) and P4 Plugin (1.11.0 -> 1.10.4), I finally managed to establish an SSL connection to our server. Downgrading only one of them didn't work. My issue appears to be similar to this issue with Docker ( JENKINS-63489 ).
Hope this helps and many thanks for the replies until now! Emanuele Russo
added a comment - Thanks a lot, this is very helpful, because I have 235.1 too, and now I know that I won't upgrade 
Emanuele Russo
added a comment - Thanks a lot, this is very helpful, because I have 235.1 too, and now I know that I won't upgrade I have made sure I have no other Jre installed too, I have Jenkins 2.235.5 and P4 plugin 1.11.0 but how can I downgrade or get an older version if I have not had it before?
Thanks a lot!
jesus fernandez
added a comment - - edited I have made sure I have no other Jre installed too, I have Jenkins 2.235.5 and P4 plugin 1.11.0 but how can I downgrade or get an older version if I have not had it before?
Thanks a lot! Hi Jesus,
Actually, as highlighted by Paul and Karl in JENKINS-63489, it might be due to your server not working properly with TLSv1.2 while P4Java uses it by default in P4 plugin 1.11.0 - it was the case for me as the version of our server is 2018.1 patch 1715250, which is older than the requirements set at 2018.1 patch 1805524 or greater.
You might want to force the TLS version to be TLSv1 as explained in https://community.perforce.com/s/article/2620. In other words, you might want to use -DsecureSocketEnabledProtocols=TLSv1 (not TLSv1.0, but TLSv1!) in your Java arguments, which for me have to be specified in %USERPROFILE%\jenkins.xml.
As I mentioned in the earlier ticket (https://issues.jenkins-ci.org/browse/JENKINS-63489?focusedCommentId=396376&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-396376), I managed to use the latest versions of Java JRE, Jenkins and P4 plugin to establish a connection that way.
It should not be necessary as explained here above, and most likely not recommended, but in case you still want to use older versions of Jenkins and P4 plugin, here is where you can find them:
Jenkins past versions:https://get.jenkins.io/war-stable/
P4 Plugin past versions:https://updates.jenkins.io/download/plugins/p4/]. To install the past version of the plugin, you need to go into Manage Jenkins > Manage Plugins > Advanced > Upload plugin and upload it.
Kevin Dethoor
added a comment - - edited Hi Jesus,
Actually, as highlighted by Paul and Karl in JENKINS-63489 , it might be due to your server not working properly with TLSv1.2 while P4Java uses it by default in P4 plugin 1.11.0 - it was the case for me as the version of our server is 2018.1 patch 1715250, which is older than the requirements set at 2018.1 patch 1805524 or greater.
You might want to force the TLS version to be TLSv1 as explained in https://community.perforce.com/s/article/2620. In other words, you might want to use -DsecureSocketEnabledProtocols=TLSv1 (not TLSv1.0, but TLSv1!) in your Java arguments, which for me have to be specified in %USERPROFILE%\jenkins.xml .
As I mentioned in the earlier ticket ( https://issues.jenkins-ci.org/browse/JENKINS-63489?focusedCommentId=396376&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-396376 ), I managed to use the latest versions of Java JRE, Jenkins and P4 plugin to establish a connection that way.
It should not be necessary as explained here above, and most likely not recommended, but in case you still want to use older versions of Jenkins and P4 plugin, here is where you can find them:
Jenkins past versions: https://get.jenkins.io/war-stable/
P4 Plugin past versions :https://updates.jenkins.io/download/plugins/p4/ ]. To install the past version of the plugin, you need to go into Manage Jenkins > Manage Plugins > Advanced > Upload plugin and upload it. Hi Kevin.
It is working now!, thanks a lot for taking the time to answer and explain everyting in detail, usually most of the people take for granted I have 10+ years of experience which is not the case (I have been using, or trying to use, jenkins for 2 weeks).
Your answer sorted all my doubts and jenkins is working now
jesus fernandez
added a comment - - edited Hi Kevin.
It is working now!, thanks a lot for taking the time to answer and explain everyting in detail, usually most of the people take for granted I have 10+ years of experience which is not the case (I have been using, or trying to use, jenkins for 2 weeks).
Your answer sorted all my doubts and jenkins is working now 
Hi,
I have been encountering the same issue while trying to establish a SSL connection with a Perforce server (v2018.1) running Jenkins on Windows using JRE 1.8.0_261 (build 1.8.0_261).
Jenkins version 2.235.5 is installed in %USERPROFILE%\.jenkins with the suggested plugins as well as P4 Plugin - the installation was done using the .war file as described on Jenkins installation page. The above JRE is the only JRE/JDK installed on the machine. P4 and P4V are also installed on the machine and they can successfully establish a connection.
On the server side, the min and max TLS versions that have been configured are respectively TLSv1.0 and TLSv1.2 (ssl.tls.version.min:10 (default) and ssl.tls.version.min:12 (default)).
As far as my understanding goes, this setup should not require to overwrite the crypto policies from the JRE using the JCE, since JRE 1.8.0_261 include and use the unlimited policies by default.
Moreover, with this setup, one should not have to pass as arguments -DsecureSocketEnabledProtocols=TLSv1.2 either (done in %USERPROFILE%\.jenkins\jenkins.xml) since TLSv1.2 is being used in the latest plugin version and it matches what is accepted on the server side.
Nevertheless, every time I fill a new credential (or update an existing one) and hit the Test connection button, the connection fails. I tried installing the JCE8 anyway (in C:\Program Files\Java\jre1.8.0_261\lib\security), but in vain. I encountered the same issue when passing -DsecureSocketEnabledProtocols=TLSv1.2 or -DsecureSocketEnabledProtocols=TLSv1.1 as arguments. And again the same one when using both at the same time.
Would you have any idea of what the issue could be here?
Many thanks!