maven-issues mailing list archives

From "Gili (JIRA)" <>
Subject [jira] (MNG-5363) Regression for SSLv3
Date Tue, 22 Jan 2013 12:55:13 GMT


Gili commented on MNG-5363:

This issue makes me so frustrated I don't know where to begin :)

1. Yes, Maven should provide a consistent mechanism for specifying what https protocols to respect regardless of the underlying implementation it decides to use (JDK or HttpClient).
2. We need to get this fixed in the JDK! The only way to do this is getting an easily reproducible test case. Any idea on how to do this (ideally using a local server instance)? We need to avoid intermittent failures.

> Regression for SSLv3
> --------------------
>                 Key: MNG-5363
>                 URL:
>             Project: Maven 2 & 3
>          Issue Type: Bug
>          Components: Errors
>    Affects Versions: 3.0.4
>         Environment: Operating system independent, but tested on MacBook Pro with 10.6 and Red Hat Enterprise Linux 6 on a virtual machine.
>            Reporter: James Kionka
>            Priority: Critical
> When attempting to access a Maven repository which uses SSLv3, you get the following error, " Received fatal alert: bad_record_mac".
> Earlier versions of Maven used which respects the https.protocols system property. This allowed us to set it to SSLv3, which is what our Maven repository uses. However, HttpClient ignores that property. In other situations, we programmatically tell HttpClient to use SSLv3, which we cannot do from our end.
> You can find another person in the same situation here:

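The behaviour the thread asks for, where the https.protocols system property is honoured whichever HTTP stack opens the socket, can be sketched as a wrapping socket factory. This is an added example, not code from the original message, Maven or HttpClient; the class name `PropertyAwareSslSocketFactory`, the helper `requested` and the sample value `TLSv1.2` are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical wrapper: applies https.protocols to every socket it creates. */
public class PropertyAwareSslSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    public PropertyAwareSslSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    /** Parse the comma-separated property; keep only protocols this JVM supports. */
    static String[] requested(String property, String[] supported) {
        List<String> out = new ArrayList<>();
        if (property == null) return new String[0];
        for (String p : property.split(",")) {
            if (Arrays.asList(supported).contains(p.trim())) out.add(p.trim());
        }
        return out.toArray(new String[0]);
    }

    private Socket configure(Socket s) {
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            String[] wanted = requested(System.getProperty("https.protocols"), ssl.getSupportedProtocols());
            if (wanted.length > 0) ssl.setEnabledProtocols(wanted); // otherwise keep the JVM defaults
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return configure(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException { return configure(delegate.createSocket(s, h, p, autoClose)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return configure(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return configure(delegate.createSocket(h, p, la, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return configure(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress la, int lp) throws IOException { return configure(delegate.createSocket(h, p, la, lp)); }

    public static void main(String[] args) throws IOException {
        System.setProperty("https.protocols", "TLSv1.2"); // constructed sample value
        SSLSocketFactory f = new PropertyAwareSslSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
        try (SSLSocket s = (SSLSocket) f.createSocket()) { // unconnected socket, no network needed
            System.out.println(Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```

Protocols named in the property that the running JVM does not support are dropped, and an empty result leaves the JVM defaults in place.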