support for TLS v1.2

[Finkregh]

Hi, i try to connect to a mattermost-host which only supports TLS v1.1/v1.2 and i always get a javax.net.ssl.SSLException: Received fatal alert: protocol_version

Adding -Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true to jenkins' java-cmd did not help. Adding -Dhttps.protocols=TLSv1.2 to the global MAVEN_OPTS did also not fix anything.

Any idea?

[jovandeginste]

What version of Java are you using?

I see some other possible parameters, as in http://stackoverflow.com/a/37425048/4508078

If I understand correctly, TLSv1 is potentially equivalent to TLSv1.* (so you may need to be explicit about TLSv1.0)

[Finkregh]

# java -version
java version "1.7.0_111"
OpenJDK Runtime Environment (IcedTea 2.6.7) (7u111-2.6.7-1~deb8u1)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)

I added -Djdk.tls.client.protocols=TLSv1 to jenkins' options and still have the same error... Btw, i use caddy as TLS-proxy.

[Jipos]

java 7 uses TLSv1 as it's default TLS protocol. This doesn't match the protocols supported by your mattermost host. You could try to override this default using: -Dhttps.protocols=TLSv1.1,TLSv1.2

Ref: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

[jovandeginste]

@Finkregh did you have any progress here?

[jovandeginste]

I will close this now for lack of information. If anything new comes up, feel free to reopen!