Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-15539

Requiring TLS/SSL breaks DNS SRV lookup

XMLWordPrintable

      Bamboo claims it will look up the service record for instant messaging if you leave the port blank:

      "If no port is specified, Bamboo will first perform a DNS SRV lookup or use the default port."

      However, if you specify "Requires an TLS/SSL connection" then it will not look up the service record and will use port 5222/5223 and the specified host name instead.

      This seems to be a very longstanding bug.

      Workarounds (not good workarounds):

      • Don't specify requiring a secure connection (a secure connection should still be used if available)
      • Don't use DNS SRV lookup and instead specify the direct host and portname.

          Form Name

            [BAM-15539] Requiring TLS/SSL breaks DNS SRV lookup

            Oleksandr Tkachenko added a comment -
            Atlassian Update – 3 April 2018

            Hi everyone,
            We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collected votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out.

            Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Bamboo team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

            We understand how disappointing this decision may be but we want to be fully transparent when communicating with our users.
            Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

            Thank you,
            Syed Masood
            Bamboo Product Manager

            Oleksandr Tkachenko added a comment - Atlassian Update – 3 April 2018 Hi everyone, We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collected votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out . Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Bamboo team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details. We understand how disappointing this decision may be but we want to be fully transparent when communicating with our users. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments. Thank you, Syed Masood Bamboo Product Manager

            Don Willis added a comment -

            Thanks Daniel. I agree with your suggestions.

            Don Willis added a comment - Thanks Daniel. I agree with your suggestions.

            Daniel Possmann added a comment -

            Thank you for creating the bug report. We hit the same bug (https://support.atlassian.com/servicedesk/customer/portal/10/BSP-17261)
            I think the whole connection stuff need some changes to get the important options you have in a desktop client:

            • add a "connection host" option since the domain for XMPP and host you connect to don't have to be the same
            • if "connection host" is set, you also have to specify the port. No SRV dns lookup at all (like for legacy SSL which is not supported by DNS SRV, you always have to specify the port)
            • in other cases use the SRV dns values

            At least that's the way all the clients work which i remember.

            If it's possible with Smack to lookup only missing parts of the DNS SRV entry, you wouldn't have to force to set "connection host" and the port at the same time like for legacy SSL with a custom port but the host looked up over DNS SRV.
            Since Smack automatically tries starttls you could remove the "Requires an TLS/SSL connection" and only ask for legacy SSL. Or really force encryption if Smack allows this.

            Daniel Possmann added a comment - Thank you for creating the bug report. We hit the same bug ( https://support.atlassian.com/servicedesk/customer/portal/10/BSP-17261 ) I think the whole connection stuff need some changes to get the important options you have in a desktop client: add a "connection host" option since the domain for XMPP and host you connect to don't have to be the same if "connection host" is set, you also have to specify the port. No SRV dns lookup at all (like for legacy SSL which is not supported by DNS SRV, you always have to specify the port) in other cases use the SRV dns values At least that's the way all the clients work which i remember. If it's possible with Smack to lookup only missing parts of the DNS SRV entry, you wouldn't have to force to set "connection host" and the port at the same time like for legacy SSL with a custom port but the host looked up over DNS SRV. Since Smack automatically tries starttls you could remove the "Requires an TLS/SSL connection" and only ask for legacy SSL. Or really force encryption if Smack allows this.

              Unassigned Unassigned
              don.willis@atlassian.com Don Willis
              Affected customers:
              1 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: