Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSL error when trying to connect to Jira Server

Paul Hackett
Paul Hackett September 28, 2023

We are running an on-prem version of Jira 9.2.  We are set up to connect over http not https.

Starting on 9/27 users were getting the following errors:

Firefox:

An error occurred during a connection to jira.sciinc.com:8080. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Chrome:

This site can’t provide a secure connection

jira.sciinc.com sent an invalid response.

ERR_SSL_PROTOCOL_ERROR

There have been no changes on the Jira Server except for recent windows patches.

Any updates on the client would have been windows patches as well as any application updates.

Some of the troubleshooting steps that I took included:

  1. Checked my Chrome settings and changed Pop-ups and redirects from blocked to allow as well as insecure content from blocked to allow and still couldn't connect from my workstation
  2. I turned off forclient (AV & Malware) and still couldn't connect from my workstation
  3. I checked the Fortigate Firewall logs and the error I was seeing when I couldn't connect was TCP reset from client.  This was checking traffic to the server.
  4. I found this in the support log.zip file - 27-Sep-2023 20:20:31.649 INFO [http-nio-8080-exec-6] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
    Line 54: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
Answer
Watch
Like Kevin David Ramirez Hernandez likes this
1202 views

3 answers

1 accepted

0 votes
Answer accepted
Paul Hackett
Paul Hackett October 16, 2023

@Artur Moura Here is the server.xml

 

<?xml version="1.0" encoding="utf-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!--
==============================================================================================================
DEFAULT - Direct connector with no proxy for unproxied access to Jira.

If using a http/https proxy, comment out this connector.
==============================================================================================================
-->

<!-- Relaxing chars because of JRASERVER-67974 -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

<!--
==============================================================================================================
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="<subdomain>.<domain>.com" proxyPort="80"/>

-->
<!--
==============================================================================================================
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
-->

<!--
==============================================================================================================
AJP - Proxying Jira via Apache over HTTP or HTTPS

If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
==============================================================================================================
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/>
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%{sanitized.query}r %H&quot; %s %b %D &quot;%{sanitized.referer}r&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

Reply
0 votes
Paul Hackett
Paul Hackett October 16, 2023

@Artur Moura Where would I check to see if the protocol was being forced?  Thanks.

View More Comments
Artur Moura
Artur Moura
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 16, 2023

Hi @Paul Hackett

Thanks for sharing the server.xml file. It looks good.

Usually, in the most recent browser versions, the *https* is not shown in the address bar, so you need to click 2 times on the URL to see the full URL, including the protocol.

With that, I would recommend copying the http://jira.sciinc.com:8080 URL and pasting it into the browser to force the HTTP to be used.

I'm mentioning this as the error seems you are trying to access https://jira.sciinc.com:8080 instead of http://jira.sciinc.com:8080, which is the HTTP one.

Like
Paul Hackett
Paul Hackett October 16, 2023

@Artur Moura We tried pasting http://jira.sciinc.com:8080 in the browser and that didn't work.

My users are reporting different results from various browsers.

1 Users could not connect via Firefox or Chrome, but then chrome and edge started working for him but Firefox would not.  The only change he made was that firefox was updated to version 118.0.1.

Another couple of users cannot connect via Edge as it seems to automatically redirect to HTTPS when the are manually putting in http://jira.sciinc.com:8080.  The temp solution for them is to use Chrome.

I am still not able to use chrome but edge works for me.

The users are either running the latest version of Win 10 or Win 11.

Like
Artur Moura
Artur Moura
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 18, 2023

Hi @Paul Hackett

Thanks for sharing your findings!

I believe I found something related to this issue. It seems the behavior is due to the HTST configuration being enabled by default. Here in this https://confluence.atlassian.com/jirakb/how-to-enable-and-configure-http-strict-transport-security-hsts-response-header-on-jira-1047554004.html  you may find more details about how to disable it.

Please let us know how it goes.

Like
Paul Hackett
Paul Hackett October 18, 2023

@Artur Moura Yes, that looks like the issue so we will work on that.  Thank you for your assistance.

Like Artur Moura likes this
Reply
0 votes
Artur Moura
Artur Moura
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 13, 2023

Hey @Paul Hackett

Would you please share the server.xml file you are using?

The file is located under the <Jira Install folder/conf> folder.

I'm wondering if something was changed on this file related to the connector configuration.

In addition, are you forcing the protocol in the URL? http://jira.sciinc.com:8080. 

I'm asking this as the default protocol for recent browsers is https instead of http. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
VERSION
9.2
TAGS
AUG Leaders

Atlassian Community Events

    See all events