Status: Closed (View Workflow)
P4 plugin 1.0.23
I am looking for central configuration for all p4 variables and using credentials plugin to provide all the values.
When I click on 'Test Connection' it gives me this error.
Unable to connect to: p4javassl://10.219.131.157:1666
Error occurred during the SSL handshake: invalid SSL session
Can you please suggest?
Thanks in advance
you need to update your jre/lib/security to get unlimited encryption policy. Here is link to oracle jre 7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Thanks, for the link. I noticed a warning when I started up Jenkins, but thought that it was the Jenkins build server that needed updating. Still I have updated my local Java security.
Just commenting in case anyone bangs their head against the wall receiving this message from a slave: You still need the JCE extensions on the Jenkins box itself.
Hi, what if I still have the same issue even if I tried all above?
My jenkins version is 2.235.1, I got Java 8.261, that should support 256 encryption by default.
I'm working on Windows 7 and trying to connect to an edge ssl server.
Is there a log I can see?
Possibly setting the JVM environment: -DsecureSocketEnabledProtocols=TLSv1.2 is required
The next release of P4Java will default to TLSv1.2 (compatibility with P4D 19.1 and greater)
Thanks for the fast reply.
I finally understood what I was missing. I didn't know that Jenkins has its own Jre.
So I downloaded the JCE from [link here|https://www.oracle.com/java/technologies/javase-jce-all-downloads.html] and replaced into Java_home\jre folder. Not in the default java installation.
Probably these arguments aren't needed.
<arguments>-DsecureSocketEnabledProtocols=TLSv1.2 -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dmail.smtp.starttls.enable=true -jar "%BASE%\jenkins.war" --httpPort=8080 --webroot="%BASE%\war"</arguments>
I am using jdk 1.8.0_261 and I am having the same issue I have done all you mentioned before, the only thing is that I have not been able to find the own jenkins jre folder that Emanuele mentioned, where is that folder supposed to be? I have installed Jenkins from the war file and the installed it as a service. I have a .jenkins folder in my user folder but there is no jre folder at all. Thanks!
Jenkins can be installed/deployed in many different ways. Please take a look at the guide https://www.jenkins.io/doc/book/installing/ to find out how you installed it. For example: a package install on Ubuntu - the JAVA_ARGS can be modified in /etc/default/jenkins
I have been encountering the same issue while trying to establish a SSL connection with a Perforce server (v2018.1) running Jenkins on Windows using JRE 1.8.0_261 (build 1.8.0_261).
Jenkins version 2.235.5 is installed in %USERPROFILE%\.jenkins with the suggested plugins as well as P4 Plugin - the installation was done using the .war file as described on Jenkins installation page. The above JRE is the only JRE/JDK installed on the machine. P4 and P4V are also installed on the machine and they can successfully establish a connection.
On the server side, the min and max TLS versions that have been configured are respectively TLSv1.0 and TLSv1.2 (ssl.tls.version.min:10 (default) and ssl.tls.version.min:12 (default)).
As far as my understanding goes, this setup should not require to overwrite the crypto policies from the JRE using the JCE, since JRE 1.8.0_261 include and use the unlimited policies by default.
Moreover, with this setup, one should not have to pass as arguments -DsecureSocketEnabledProtocols=TLSv1.2 either (done in %USERPROFILE%\.jenkins\jenkins.xml) since TLSv1.2 is being used in the latest plugin version and it matches what is accepted on the server side.
Nevertheless, every time I fill a new credential (or update an existing one) and hit the Test connection button, the connection fails. I tried installing the JCE8 anyway (in C:\Program Files\Java\jre1.8.0_261\lib\security), but in vain. I encountered the same issue when passing -DsecureSocketEnabledProtocols=TLSv1.2 or -DsecureSocketEnabledProtocols=TLSv1.1 as arguments. And again the same one when using both at the same time.
Would you have any idea of what the issue could be here?
even if you say that JRE 1.8.0_261 (build 1.8.0_261) is the only one installed in your machine, I suggest you to double check the folder 'jre' in your %USERPROFILE%\.jenkins folder. I just upgraded to your very same version and I verified that inside my jenkins installation there is a folder named 'jre' whose file named 'release' says the version is 1.8.0_144, not 261 .
So if this is the case for you as well you have to install the policies inside that folder.
Hope that helps
Thank you for the reply.
I just double-checked and I couldn't find any jre folder in my %USERPROFILE%\.jenkins... I'll keep searching for it. If it helps, I have also tried to ensure the JRE 1.8.0_261 is used by specifying it as my java executable in %USERPROFILE%\.jenkins\jenkins.xml _(it is set to _C:\Program Files\Java\jre1.8.0_261\bin\java.exe). As a result java.home appears as such in Jenkins' System Information page. However, it doesn't solve the connection issue...
I tried as well to force the Java version as you did and got the same error. If you want to be 100% sure you may try to uninstall java from your PC completely.
If jenkins will be still working, as I expect, that means that it's not using your jre, but its.
Thanks a lot Emanuele, I hadn't thought of uninstalling my own Java installation to check for a local one in Jenkins. Unfortunately, after performing that step and canceling my changes in %USERPROFILE%\.jenkins\jenkins.xml, the Jenkins service does not start anymore (The Jenkins service could not be started. The service did not report an error_)._ I also performed some searches in the %USERPROFILE\.jenkins folder, but I could not find a jre directory or a java.exe executable file.
Since my last comment I also tried with a new installation of Jenkins (steps: installation of Java JRE 1.8.0_261 > download and launch of jenkins.war > installation of Jenkins as a service > installation of P4 plugin > test of SSL connection) on a clean machine, but the results were the same: no jre directory in %USERPROFILE%\.jenkins and same invalid SSL session error.
After downgrading both Jenkins (2.235.5 -> 2.235.1) and P4 Plugin (1.11.0 -> 1.10.4), I finally managed to establish an SSL connection to our server. Downgrading only one of them didn't work. My issue appears to be similar to this issue with Docker (
Hope this helps and many thanks for the replies until now!
Thanks a lot, this is very helpful, because I have 235.1 too, and now I know that I won't upgrade
I have made sure I have no other Jre installed too, I have Jenkins 2.235.5 and P4 plugin 1.11.0 but how can I downgrade or get an older version if I have not had it before?
Thanks a lot!
Actually, as highlighted by Paul and Karl in
JENKINS-63489, it might be due to your server not working properly with TLSv1.2 while P4Java uses it by default in P4 plugin 1.11.0 - it was the case for me as the version of our server is 2018.1 patch 1715250, which is older than the requirements set at 2018.1 patch 1805524 or greater.
You might want to force the TLS version to be TLSv1 as explained in https://community.perforce.com/s/article/2620. In other words, you might want to use -DsecureSocketEnabledProtocols=TLSv1 (not TLSv1.0, but TLSv1!) in your Java arguments, which for me have to be specified in %USERPROFILE%\jenkins.xml.
As I mentioned in the earlier ticket (https://issues.jenkins-ci.org/browse/JENKINS-63489?focusedCommentId=396376&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-396376), I managed to use the latest versions of Java JRE, Jenkins and P4 plugin to establish a connection that way.
It should not be necessary as explained here above, and most likely not recommended, but in case you still want to use older versions of Jenkins and P4 plugin, here is where you can find them:
Jenkins past versions:https://get.jenkins.io/war-stable/
P4 Plugin past versions:https://updates.jenkins.io/download/plugins/p4/]. To install the past version of the plugin, you need to go into Manage Jenkins > Manage Plugins > Advanced > Upload plugin and upload it.
It is working now!, thanks a lot for taking the time to answer and explain everyting in detail, usually most of the people take for granted I have 10+ years of experience which is not the case (I have been using, or trying to use, jenkins for 2 weeks).
Your answer sorted all my doubts and jenkins is working now
Please check if your Perforce server has SSL enabled. The error suggests otherwise.
Run a p4 info and look for 'Server encryption: encrypted'. If the line is not present then you can't use SSL, just untick the box and try 'Test Connection'.