You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Johannes Schneider (JIRA)" <ji...@codehaus.org> on 2012/11/01 14:54:13 UTC

[jira] (MNG-5363) Regression for SSLv3

    [ https://jira.codehaus.org/browse/MNG-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=312750#comment-312750 ] 

Johannes Schneider commented on MNG-5363:
-----------------------------------------

This is a major problem.

A lot of guys are deploying to oss.sonatype.org these days.
The problem is well known and documented there:

https://support.sonatype.com/entries/22070546-deploy-fails-with-received-fatal-alert-bad-record-mac

Unfortunately this workaround does *not* work with Maven 3.0.4. Therefore nobody is able to release multi module projects to oss.sonatype.org reliably.


I think this is a blocker....

                
> Regression for SSLv3
> --------------------
>
>                 Key: MNG-5363
>                 URL: https://jira.codehaus.org/browse/MNG-5363
>             Project: Maven 2 & 3
>          Issue Type: Bug
>          Components: Errors
>    Affects Versions: 3.0.4
>         Environment: Operation system independent, but tested on Macbook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
>            Reporter: James Kionka
>
> When attempting to access a Maven repository which uses SSLv3, you get the following error, "javax.net.ssl.SSLException: Received fatal alert: bad_record_mac".
> Earlier versions of Maven used java.net.URLConnection which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here: http://stackoverflow.com/questions/12787657/received-fatal-alert-bad-record-mac-when-deploying-to-sonatype

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira