You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "James Kionka (JIRA)" <ji...@codehaus.org> on 2012/10/25 23:13:13 UTC
[jira] (MNG-5363) Regression for SSLv3
James Kionka created MNG-5363:
---------------------------------
Summary: Regression for SSLv3
Key: MNG-5363
URL: https://jira.codehaus.org/browse/MNG-5363
Project: Maven 2 & 3
Issue Type: Bug
Components: Errors
Affects Versions: 3.0.4
Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
Reporter: James Kionka
When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivier Lamy moved MNG-5363 to WAGON-383:
-----------------------------------------
Complexity: (was: Intermediate)
Component/s: (was: Errors)
wagon-http
Affects Version/s: (was: 3.0.4)
2.3
2.2
Key: WAGON-383 (was: MNG-5363)
Project: Maven Wagon (was: Maven 2 & 3)
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivier Lamy updated WAGON-383:
-------------------------------
Fix Version/s: 2.4
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
> Fix For: 2.4
>
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317616#comment-317616 ]
Gili commented on MNG-5363:
---------------------------
NOTE: The workaround of downgrading to 3.0.3 is not really an option. Having downgraded to 3.0.3 you will then run against this other major bug: MRELEASE-742 and I'm sure there are others.
Please schedule this issue for an upcoming release.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "David Phillips (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=315972#comment-315972 ]
David Phillips commented on MNG-5363:
-------------------------------------
This also occurs with 3.0.3:
{noformat}
Apache Maven 3.0.3 (r1075438; 2011-02-28 09:31:09-0800)
Maven home: /usr/share/maven
Java version: 1.7.0_07, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_07.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.8.2", arch: "x86_64", family: "mac"
{noformat}
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivier Lamy closed WAGON-383.
------------------------------
Resolution: Fixed
Assignee: Olivier Lamy
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Assignee: Olivier Lamy
> Priority: Critical
> Fix For: 2.4
>
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317770#comment-317770 ]
Olivier Lamy commented on WAGON-383:
------------------------------------
adding support of -Dhttps.protocols="SSLv3"
You can replace your wagon jar in $M2_HOME/lib/wagon-http-x.x-shaded.jar
With the last snapshot from https://repository.apache.org/content/groups/snapshots/org/apache/maven/wagon/wagon-http/2.4-SNAPSHOT/
build number must be >= 156.
And let me know if that work better.
Thanks
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Robert Scholte (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Scholte updated MNG-5363:
--------------------------------
Priority: Critical (was: Major)
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "James Kionka (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317745#comment-317745 ]
James Kionka commented on MNG-5363:
-----------------------------------
Gili, the link in your comment on 23/Dec/12 2:26 PM is correct. Hendy, I agree, all the SSL error messages I've seen are pretty terrible.
This ticket is more or less independent of deploying to oss.sonatype.org. Based on the error description and attempted fixes on the stackoverflow page, it sounds almost exactly like this problem. The one part that does not make sense is that their deployments failed only sometimes. Our problem is repeatable. I figured their problem was intermittent from a load balancer which was sometimes sent the client to an SSLv3 server. However, based on Roberto's comments and the current evidence, these problems are not related as it originally seemed.
Our team at work was able to handle the Java SSLv3 issues for java.net.URLConnection using:
-Dhttps.protocols="SSLv3"
or
System.setProperty("https.protocols", "SSLv3");
This how we worked out the issue before Maven made the switch to HttpClient in 3.0.4. HttpClient does not respect this setting.
When we use HttpClient in our other projects, we have a method named getSslv3SocketFactory() which creates a generic SocketFactory with the method on it.
private void setSslv3Protocol(SSLSocket sslSocket) {
sslSocket.setEnabledProtocols(new String[] { "SSLv3" });
}
We then create ThreadSafeClientConnManager using our SocketFactory. (Apparently, it is now called PoolingClientConnectionManager.)
How to create that object is explained in "2.8.4. Pooling connection manager":
https://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html
Javadoc for PoolingClientConnectionManager:
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingClientConnectionManager.html
This is obviously a frustrating solution, but there were no other options. Part of life is that web browsers handle SSL better than Java, and HttpClient did not feel like this was something they'd like to make easy.
Some more background is available at:
http://stackoverflow.com/questions/2159586/jsse-handshake-failure-on-public-https-web-site
http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html
http://httpcomponents.10934.n7.nabble.com/Fwd-Httpclient-sslv3-amp-bad-record-mac-error-td16136.html#a21999553
Maven could really use a way to specify what https protocols to respect, one way or another, since there is currently no way to do so as of 3.0.4. This could be done in a lot of different ways, but respecting the System Property seems like a clean solution to me at this time.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Jesse Glick (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317776#comment-317776 ]
Jesse Glick commented on WAGON-383:
-----------------------------------
Even assuming that Wagon/HttpClient is made to respect {{https.protocols}}, this is hardly friendly. Is it possible for Wagon to detect the probable symptoms of this error and automatically retry the connection while forcing SSLv3 handshakes, rather than making the user spend an hour with Google finding the workaround?
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Christian Schlichtherle (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=316186#comment-316186 ]
Christian Schlichtherle commented on MNG-5363:
----------------------------------------------
I was using maven-release-plugin for some multi-module projects (TrueZIP, TrueVFS etc) successfully in the past. At some point in time it stopped working reliably however.
TrueVFS consists of more than twenty submodules. It's effectively impossible to do a release:perform on this project because it almost always stops at any random submodule due to this failure!
Pleaaase fix this showstopper.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=318414#comment-318414 ]
Olivier Lamy commented on WAGON-383:
------------------------------------
bin.zip or bin.tar.gz available for testing here https://builds.apache.org/view/M-R/view/Maven/job/maven-3.x/
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
> Fix For: 2.4
>
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317719#comment-317719 ]
Olivier Lamy commented on MNG-5363:
-----------------------------------
good to know.
Thanks for sharing the information.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=316185#comment-316185 ]
Gili commented on MNG-5363:
---------------------------
See http://yuriytkach.blogspot.ca/2011/10/javaxnetsslsslexception-badrecordmac.html for a related discussion.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317715#comment-317715 ]
Gili commented on MNG-5363:
---------------------------
Olivier,
Try deploying a project with many sub-modules such TrueVFS, the one mentioned by Roberto or http://code.google.com/p/boost-maven-project/ which I own. TrueVFS is probably the best one to investigate because it has the most modules and doesn't use native code like boost-maven-project does.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Johannes Schneider (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=312750#comment-312750 ]
Johannes Schneider commented on MNG-5363:
-----------------------------------------
This is a major problem.
A lot of guys are deploying to oss.sonatype.org these days.
The problem is well known and documented there:
https://support.sonatype.com/entries/22070546-deploy-fails-with-received-fatal-alert-bad-record-mac
Unfortunately this workaround does *not* work with Maven 3.0.4. Therefore nobody is able to release multi module projects to oss.sonatype.org reliably.
I think this is a blocker....
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Jesse Glick (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317818#comment-317818 ]
Jesse Glick commented on WAGON-383:
-----------------------------------
{{e instanceof SSLException && e.toString().contains("bad_record_mac")}} is pretty specific.
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317713#comment-317713 ]
Olivier Lamy commented on MNG-5363:
-----------------------------------
Can I exactly know the env needed to reproduce this issue ?
I just deployed a project to https://oss.sonatype.org
My env
{code}
Apache Maven 3.1-SNAPSHOT (57d9c68e56a4bc8d825c7615534023eeda52b9c0; 2013-01-05 00:17:48+0100)
Maven home: /Users/olamy/softs/maven/trunk
Java version: 1.7.0_10, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_10.jdk/Contents/Home/jre
Default locale: fr_FR, platform encoding: UTF-8
OS name: "mac os x", version: "10.8.2", arch: "x86_64", family: "mac"
{code}
{code}
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.jar (57 KB at 14.0 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-scm-provider-svnjava-2.0.6-20130119.211246-1.pom (10 KB at 1.1 KB/sec)
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Downloaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml (328 B at 0.1 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/2.0.6-SNAPSHOT/maven-metadata.xml (818 B at 0.2 KB/sec)
Uploading: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml
Uploaded: https://oss.sonatype.org/content/repositories/snapshots/com/google/code/maven-scm-provider-svnjava/maven-scm-provider-svnjava/maven-metadata.xml (368 B at 0.1 KB/sec)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
{code}
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (WAGON-383) Regression for SSLv3
Posted by "Olivier Lamy (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/WAGON-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317811#comment-317811 ]
Olivier Lamy commented on WAGON-383:
------------------------------------
maybe but how ?
The jdk doesn't provide correct exception to know the cause of the issue.
I don't really like the idea about if exception.getMessage().contains("Received fatal alert") :-).
> Regression for SSLv3
> --------------------
>
> Key: WAGON-383
> URL: https://jira.codehaus.org/browse/WAGON-383
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.2, 2.3
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317767#comment-317767 ]
Gili commented on MNG-5363:
---------------------------
This issue makes me so frustrated I don't know where to begin :)
# Yes, Maven should provide a consistent mechanism for specifying what https protocols to respect regardless of the underlying implementation it decides to use (JDK or HttpClient).
# We need to get this fixed in the JDK! The only way to do this is getting an easily reproducible testcase. Any idea on how to do this (ideally using a local server instance?) We need to avoid intermittent failures.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Harald Wellmann (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317718#comment-317718 ]
Harald Wellmann commented on MNG-5363:
--------------------------------------
FYI, the bad_record_mac issue with Sonatype OSS might have been caused by misconfiguration in Sonatype OSS Nexus, see https://issues.sonatype.org/browse/OSSRH-5165, which appears to be resolved now.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=316159#comment-316159 ]
Gili commented on MNG-5363:
---------------------------
Please increase the priority of this problem. It is critical and should be fixed ASAP.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Hendy Irawan (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=316181#comment-316181 ]
Hendy Irawan commented on MNG-5363:
-----------------------------------
+1...
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Roberto Tyley (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=316204#comment-316204 ]
Roberto Tyley commented on MNG-5363:
------------------------------------
I was getting this problem consistently with Maven 3.0.4 deploying a 14-module project to oss.sonatype.org. Downgrading to Maven 3.0.3 and trying again worked first time.
http://stackoverflow.com/a/13078665/438886 recommends adding MAVEN_OPTS="-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true", but this was not necessary for me - just the downgrade to Maven 3.0.3.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317720#comment-317720 ]
Gili commented on MNG-5363:
---------------------------
I'm going to retest on my end and get back to you. It'll take a couple of days to be sure.
PS: If this was really caused by a server misconfiguration then Maven needs to be a lot more specific about what actually went wrong. The existing error message is extremely vague. There are no less than 4 different "explanations" out in the wild with strong community backing. It's not clear which, if any of them, is correct.
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
> Priority: Critical
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-5363) Regression for SSLv3
Posted by "Gili (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317374#comment-317374 ]
Gili commented on MNG-5363:
---------------------------
Is the "component" on this bug report correct? Shouldn't this be fixed against Maven core or the release plugin?
> Regression for SSLv3
> --------------------
>
> Key: MNG-5363
> URL: https://jira.codehaus.org/browse/MNG-5363
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Errors
> Affects Versions: 3.0.4
> Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
> Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira