Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53029

Does anyone know if Jenkins supports IBM J9 plus TLSv1.2 ?

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Major Major
    • core

      Previously I used Jenkins+Oracle JRE 1.8, it works with TLSv1.2, but when I run the Jenkins jobs from UCD, it shows the java version is not compatible. So I switched java to IBM J9 JRE 1.8, generated and imported the certificate on Jenkins keystore and java keystore. The jenkins can be started with the argument "--httpsKeyManagerType=IbmX509", but the SSL (TLSv1.2) is not working , so the https url cannot be accessed.

      Below is some error information from Jenkins server command:
      openssl s_client -connect my_jenkins_host :8443
      CONNECTED(00000003)
      140241296922440:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:

      no peer certificate available

      No client certificate CA names sent

      SSL handshake has read 7 bytes and written 247 bytes

      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE

      java -jar jenkins-cli.jar -s https://my_jenkins_host:8443 build df_test -s -v --username me_admin --password tivoli4u
      javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
      at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
      at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:100)
      at hudson.cli.CLI.plainHttpConnection(CLI.java:652)
      at hudson.cli.CLI._main(CLI.java:612)
      at hudson.cli.CLI.main(CLI.java:426)

          [JENKINS-53029] Does anyone know if Jenkins supports IBM J9 plus TLSv1.2 ?

          Oleg Nenashev added a comment -

          Technically it does. Practically - not sure about this particular issue

          Oleg Nenashev added a comment - Technically it does. Practically - not sure about this particular issue

          Jacky Bie added a comment -

          oleg_nenashev Thanks for your comments ! Do you have any suggestion on how to fix this issue ?

          Jacky Bie added a comment - oleg_nenashev Thanks for your comments ! Do you have any suggestion on how to fix this issue ?

          Oleg Nenashev added a comment -

          For starters, which versions of Jwnkins CLI and Jenkins do you use?

          Oleg Nenashev added a comment - For starters, which versions of Jwnkins CLI and Jenkins do you use?

          Jacky Bie added a comment -

          Hello Oleg,

          The Jenkins version we used is: 2.121.1

          Jacky Bie added a comment - Hello Oleg, The Jenkins version we used is: 2.121.1

          Mark Waite added a comment -

          Wouldn't it be better to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK? That will avoid you being on the "cutting edge" of determining all the ways that the IBM J9 JDK surprises Jenkins.

          Mark Waite added a comment - Wouldn't it be better to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK? That will avoid you being on the "cutting edge" of determining all the ways that the IBM J9 JDK surprises Jenkins.

          Jacky Bie added a comment -

          Could you please provide us the details on how to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK ? Thanks in advance !

          Jacky Bie added a comment - Could you please provide us the details on how to define an IBM J9 JDK as a tool that can be used for the jobs which need the J9 JDK ? Thanks in advance !

          Mark Waite added a comment - - edited

          The jenkins.io documentation includes a tutorial that shows how to use a Docker image inside a Pipeline to access a specific tool (like Maven). If IBM J9 JDK is available as a Docker image, that tutorial might be one technique to do it.

          Another technique is to open "Manage Jenkins" -> "Global Tool Configuration" and press the "JDK" button. That opens a section of the UI so that you can provide a zip or tar.gz file that will be unpacked on the agent when a tool of that label is used by a Freestyle or Pipeline job. If IBM J9 is provided as a zip or tar.gz, you could use that technique. Unfortunately, I did not find a tutorial that shows the technique.

          Mark Waite added a comment - - edited The jenkins.io documentation includes a tutorial that shows how to use a Docker image inside a Pipeline to access a specific tool (like Maven). If IBM J9 JDK is available as a Docker image, that tutorial might be one technique to do it. Another technique is to open "Manage Jenkins" -> "Global Tool Configuration" and press the "JDK" button. That opens a section of the UI so that you can provide a zip or tar.gz file that will be unpacked on the agent when a tool of that label is used by a Freestyle or Pipeline job. If IBM J9 is provided as a zip or tar.gz, you could use that technique. Unfortunately, I did not find a tutorial that shows the technique.

          Mark Waite added a comment -

          We've removed OpenJ9 images from the Jenkins Docker images so that we can focus our efforts on the Java 11 Hotspot JVM on multiple platforms. Beginning with Jenkins 2.307, the Jenkins controller Docker image supports s390x, ppc64le, arm64, and amd64.

          Mark Waite added a comment - We've removed OpenJ9 images from the Jenkins Docker images so that we can focus our efforts on the Java 11 Hotspot JVM on multiple platforms. Beginning with Jenkins 2.307, the Jenkins controller Docker image supports s390x, ppc64le, arm64, and amd64.

            Unassigned Unassigned
            jackybie2028 Jacky Bie
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: