Jira fails to send webhooks to a custom URL

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Jira is unable to send webhooks to a custom URL which requires the calling client to use SNI. This might also affect other types of links with the custom URL (eg. application links)

  • When sending webhooks to your URL (with com.atlassian.webhooks enabled for DEBUG), we don't see any WebHook successfully sent message even though we can see that the webhooks is sent

  • When sending webhooks using Service Management automation, we can see a handshake_failure error. The following appears in the atlassian-jira.log

1 2016-12-13 16:12:17,967 Caesium-1-4 WARN it support [execution.engine.asyncthen.AsyncThenJobProcessor] Failed executing ThenAction com.atlassian.servicedesk.plugins.automation.webhook.rulethen.WebhookThenAction asynchronously: 'Unable to obtain status code from webhook server: java.lang.RuntimeException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure'

Diagnosis

cURL, wget and SSLPoke from the Jira server to the URL will work fine

Cause

The following JVM argument is being applied to the Jira instance

  • -Djsse.enableSNIExtension=false

This disables SNI support for Jira. You can try SSLPoke with this argument

1 2 3 4 5 6 7 8 9 10 11 12 13 computer:~/sslpoke$ java SSLPoke example.com 443 Successfully connected computer:~/sslpoke$ java -Djsse.enableSNIExtension=false SSLPoke example.com 443 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138) at SSLPoke.main(SSLPoke.java:31)

Solution

Resolution

Remove that JVM argument and restart Jira for it to take effect

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community