-
Bug
-
Resolution: Unresolved
-
Major
-
Jenkins ver. 2.170
Linux, Chrome 73.0.3683.86, IE 11.112.17134.0, Firefox 67.0b4 (64-bit)
Running from shell:
java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret
Opening from Browser getting an error:
Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
FireFox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP
IE: Your TLS security settings aren’t set to the defaults
[JENKINS-56747] Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Component/s | New: core [ 15593 ] | |
Component/s | Original: security-inspector-plugin [ 21938 ] |
Labels | Original: security | New: regression security |
Description |
Original:
[Jenkins ver. 2.168|https://jenkins.io/] Running from shell: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret Opening from Browser getting an error: Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH FireFox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP IE: Your TLS security settings aren’t set to the defaults |
New:
[Jenkins ver. 2.170|https://jenkins.io/] Running from shell: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret Opening from Browser getting an error: Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH FireFox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP IE: Your TLS security settings aren’t set to the defaults |
Environment |
Original:
Jenkins ver. 2.168 Linux, Chrome 73.0.3683.86, IE 11.112.17134.0, Firefox 67.0b4 (64-bit) |
New:
Jenkins ver. 2.170 Linux, Chrome 73.0.3683.86, IE 11.112.17134.0, Firefox 67.0b4 (64-bit) |
Assignee | Original: Gil Br [ gberesta71 ] | New: Olivier Lamy [ olamy ] |
Attachment | Original: IE_SSL_HTTPS.jpg [ 46555 ] |
Attachment | Original: FF_SSL_HTTPS.jpg [ 46556 ] |
Attachment | Original: Chrome_SSL_HTTPS.jpg [ 46557 ] |
Comment |
[ h2. Running: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 I get the Error: {color:#FF0000}*NET::ERR_CERT_AUTHORITY_INVALID*{color} Subject: Test site Issuer: Test site Expires on: 2 באפר׳ 2029 Current date: 5 באפר׳ 2019 PEM encoded chain:-----BEGIN CERTIFICATE----- <Lines Removed> -----END CERTIFICATE----- h2. Running: *keytool -list -v -keystore* key.jks Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: rtcbuild_jenkins Creation date: Mar 19, 2019 Entry type: trustedCertEntry Owner: CN=rtcbuild.orbotech.org, OU=FPD, O=Orbotech.org, L=Yavne, ST=Israel, C=IL Issuer: CN=subcait-isl, DC=orbotech, DC=org Valid from: Tue Mar 19 15:30:37 IST 2019 until: Sun Mar 17 15:30:37 IST 2024 Signature algorithm name: SHA256withRSA Version: 3 SubjectAlternativeName [ DNSName: rtcbuild.orbotech.org ] CRLDistributionPoints [ [DistributionPoint: [URIName: ldap:///CN=subcait-isl,CN=subcait-isl,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=orbotech,DC=org?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://orb-crl1.orbotech.com/crl/subcait-isl.crl, URIName: http://orb-crl2.orbotech.com/crl/subcait-isl.crl] ]] AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: ldap:///CN=subcait-isl,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=orbotech,DC=org?cACertificate?base?objectClass=certificationAuthority , accessMethod: ocsp accessLocation: URIName: http://orb-crl1.orbotech.com/crl/subcait-isl.orbotech.org_subcait-isl(1).crt , accessMethod: ocsp accessLocation: URIName: http://orb-crl2.orbotech.com/crl/subcait-isl.orbotech.org_subcait-isl(1).crt ] ] _________ Please advise ] |