Karl Wirth added a comment - 2020-08-25 08:31 The new version of the plugin upgraded the base TLS version used. From the release notes:     https://github.com/jenkinsci/p4-plugin/blob/master/RELEASE.md           P4Java now defaults to TLSv1.2 for SSL connections (previously TLSv1) to use an older version please refer to our KB article . Its possible that your P4D server does not support TLSv1.2 or has been fixed at TSLv1 so you may need to try the workaround mention in the KB article to downgrade the version of TLS used by P4Jenkins.

Karl Wirth added a comment - 2020-08-26 08:36 - edited Additional note. TLS 1.2 support was added in Perforce in 2016.2   2018.1 (See Paul's comment below): Bugs fixed in 2016.2 Patch 2 #1481077, #1481305, #1483342 (Bugs #89051, #90160) * ** *** SSL connections now allow use of TLSv1.1 and TLSv1.2 in addition to the existing support for TLSv1.0. Clients and servers will choose the highest TLS version supported by both ends of the connection; thus old clients and old servers will always use TLSv1.0, and by default new clients connecting to new servers will use TLSv1.2. Two new configurables are provided to restrict the allowed TLS versions when a new client connnects to a new server: ssl.tls.version.min [ default =10] ssl.tls.version.max [ default =12] These default settings allow TLSv1.0, TLSv1.1, and TLSv1.2. Each of these configurables can take one of the following values: 10 specifies TLSv1.0 11 specifies TLSv1.1 12 specifies TLSv1.2 ssl.tls.version.min specifies the lowest TLS version that will be accepted, and ssl.tls.version.max specifies the highest TLS version that will be accepted. Changes to these configurables on a server will not take effect until the server is restarted. Thus, to force use of a new client, the server can set ssl.tls.version.min=11 (or 12) because old clients support only TLSv1.0. To force the use of TLSv1.1, set ssl.tls.version.min=11 ssl.tls.version.max=11 To force the use of TLSv1.2, set ssl.tls.version.min=12 ssl.tls.version.max=12 To allow TLSv1.1 or TLSv1.2 but exclude TLSv1.0, set ssl.tls.version.min=11 ssl.tls.version.max=12 These configurables are designed to allow the server to restrict the set of allowed TLS protocol versions, but they can be used by clients as well; this is probably useful mostly for testing, although it can be use to prevent connecting to potentially vulnerable servers. When used by a client these configurables specify the lowest and highest TLS versions that will be offered. Values of either configurable outside of the legal range will be treated as if they were pinned to the nearest end of the range. Thus values below 10 will be treated as 10; values above 12 will be treated as 12. Be careful not to set ssl.tls.version.min > ssl.tls.version.max because then no clients will be able to connect. In this case you will need to change these settings on the command line, e.g.: p4d -c "set ssl.tls.version.min=10" p4d -c "set ssl.tls.version.max=12" and then restart the server. Note that if there are no allowed TLS versions common to the client and the server, or if the server is not using SSL, then the client will get an error similar to this : Perforce client error: SSL connect to ssl:host:1666 failed (Connection reset by peer). Remove SSL protocol prefix from P4PORT or fix the TLS settings. If the client or server does not offer any protocol versions (eg, because the client set ssl.tls.version.min > ssl.tls.version.max) then the client will get an error similar to this : Perforce client error: SSL protocol: error:14077102:SSL routines: SSL23_GET_SERVER_HELLO:unsupported protocol: There are only two lines in this error message; the actual error has the "SSL protocol:" line and the "GET_SERVER_HELLO" line on a single line, but they are split here for readability. End of standard maintenance support for P4D 2016.2 was Nov 8, 2018:    https://www.perforce.com/maintenance-support  

Kevin Dethoor added a comment - 2020-08-26 10:19 Hi, I found this issue from JENKINS-26176 . As I originally posted there, I encountered the same problems testing SSL connections in Jenkins P4 credential page with Java JRE 1.8.0_261, Jenkins 2.235.5 installed from the war file, P4 Plugin 1.11.0 and a Perforce server 2018.1 (TLS min: 1.0, TLS max: 1.2). I tried the solutions on the KB page, but they didn't work for me. Eventually, downgrading both Jenkins (2.235.5 -> 2.235.1) and the P4 Plugin (1.11.0 -> 1.10.4) did the trick and allowed me to establish a connection. Hope this information helps.

Paul Allen added a comment - 2020-08-26 12:24 You need a P4D Server 18.1 or greater with the patch version greater than 1805524 #1805524 (Job #97669) * ** *** **** SSL connections that negotiated with TLS 1.1 and above handshakes were rejected as plaintext. This has been fixed. Note that successful negotiation would still result in the use up to TLS 1.2 regardless of the version used for negotiation.

Kevin Dethoor added a comment - 2020-08-27 05:13 Hi Paul and Karl, Thank you very much for your help. It was indeed an issue with our server version (2018.1 patch 1715250). I was able to establish a connection using Java 1.8.0_261, Jenkins 2.235.5, P4 Plugin 1.11.0 and adding -DsecureSocketEnabledProtocols=TLSv1 to my Java arguments as prescribed in Perforce Knowledgebase ( https://community.perforce.com/s/article/2620 ). I thought I had tried that previously but I made the mistake of specifying TLSv1.0 instead of TLSv1. With TLSv1, everything works as expected. Many thanks again.  

Karl Wirth added a comment - 2020-08-27 07:54 Hi Kevin Dethoor ,   Thanks and happy to help. Also this has highlighted a problem with our older release notes so we've got the developers investigating so thanks again.   Regards, Karl