Application link between Bamboo and Bitbucket broke with "peer not authenticated" network error after Bitbucket upgrade
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The application link between Bamboo and Bitbucket broke with the SSL authentication issue after Bitbucket upgraded to 8.9.9 with Java 17. Below errors can be seen in the <Bamboo-Home>/atlassian-bamboo.log file:
1
2
3
4
5
6
7
8
2024-01-23 05:23:19,145 INFO [AtlassianEvent::0-BAM::EVENTS:pool-1-thread-54] [FeatureManagerStartupListener] * Application Link. Id:'2391f07f-b84a-3386-b248-fa1fe4b9bfac', Name: 'Bitbucket', Url:'https://bitbucket-test.com, Type: 'applinks.bitbucket.v4'
2024-01-23 05:23:22,802 WARN [atlassian-scheduler-quartz2.local_Worker-2] [DefaultApplinkStatusService] Unrecognized error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:23:29,824 INFO [scheduler_Worker-5] [RemoteConnectionTester] Exception requesting status for remote host Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:24:50,490 ERROR [https-jsse-nio-8443-exec-36] [OAuthApplinksServlet] An error occurred when performing the oauth 'dance' for application link 'Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash'
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:26:22,992 WARN [https-jsse-nio-8443-exec-63] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:26:44,211 WARN [https-jsse-nio-8443-exec-101] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'Environment
Bamboo on 9.3.1 with Java 11.0.1 or below.
Bitbucket on the 8+ version with Java 17.
Diagnosis
The following symptoms are observed:
Bamboo server matched the "Environment" details above.
There is no mismatch in SSL certificates and SSL certificates match with the correct hostname of the Bitbucket used in the Application link Bitbucket URL.
A network error is seen on the Bamboo UI application link created between Bamboo and Bitbucket from the Bamboo Overview > Application Links > Click on the edit option.
Below logs seen in atlassian-bamboo.log:
1
2
3
4
5
6
7
8
2024-01-23 05:23:19,145 INFO [AtlassianEvent::0-BAM::EVENTS:pool-1-thread-54] [FeatureManagerStartupListener] * Application Link. Id:'2391f07f-b84a-3386-b248-fa1fe4b9bfac', Name: 'Bitbucket', Url:'https://bitbucket-test.com, Type: 'applinks.bitbucket.v4'
2024-01-23 05:23:22,802 WARN [atlassian-scheduler-quartz2.local_Worker-2] [DefaultApplinkStatusService] Unrecognized error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:23:29,824 INFO [scheduler_Worker-5] [RemoteConnectionTester] Exception requesting status for remote host Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:24:50,490 ERROR [https-jsse-nio-8443-exec-36] [OAuthApplinksServlet] An error occurred when performing the oauth 'dance' for application link 'Bitbucket (2391f07f-b84a-3386-b248-fa1fe4b9bfac) https://bitbucket-test.com stash'
com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2024-01-23 05:26:22,992 WARN [https-jsse-nio-8443-exec-63] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'
2024-01-23 05:26:44,211 WARN [https-jsse-nio-8443-exec-101] [DefaultApplinkStatusService] Network error while attempting to retrieve status of Application Link '2391f07f-b84a-3386-b248-fa1fe4b9bfac'Cause
There is a bug in Java 11 below 11.0.3 where resumed TLS 1.3 sessions do not preserve the peer certificate chain that is held in the initially created SSLSession object. When Jira reaches out to Crowd to validate the user's authenticatedness, it does so over a SSL/TLS connection. If this TLS connection is at level TLS 1.3, this bug can be encountered where the SSL connection fails, thereby failing the connection to Crowd.
For more details, please refer to OpenJDK bug: JDK-8212885 - TLS 1.3 resumed session does not retain peer certificate chain.
Solution
Solution 1:
Upgrade Java on Bamboo server to JDK 11.0.3 or higher, any of the fixed versions mentioned on this JDK bug: JDK-8212885 - TLS 1.3 resumed session does not retain peer certificate chain.
Please refer to How to upgrade the Java version used by Bamboo.
Solution 2:
Add the below JVM parameter on Bamboo server <Bamboo-Install>/bin/setenv.sh. Please refer to configuring your system properties.
1-Djdk.tls.client.protocols=TLSv1.2Restart Bamboo so the changes are reflected.
Please make sure that the above property has been picked up by Bamboo by going toBamboo Administration > Overview > System informationand looking for it in theEnvironment variables section → JAVA_OPTS.
Create an Application link from Bamboo Overview > Application Links for Bamboo and Bitbucket.
Was this helpful?