Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-20910

Bamboo without TLS 1.2 select option for SMTP mail server configuration

XMLWordPrintable

    • 2

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Issue Summary

      Bamboo fails to communicate with SMTP servers using TLS. Reported issue:

      javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

      Steps to Reproduce

      1. Java 8u292+ and JDK 11.0.11+ in Bamboo 8+ - Openssl had TLS 1.0 and 1.1 disabled
      2. Navigate as Bamboo Admin to Cog >> Overview >> Mail server.
      3. Create or edit an existing configuration there and check the option "Use TLS".
      4. Define Bamboo system or e.g. build notifications (for testing).

      Expected Results

      Notifications sent out from Bamboo should be encrypted in TLS 1.2 since TLS 1.0 is well known for security vulnerabilities. 

      Actual Results

      Check or filter the emails sent from Bamboo and find them encrypted in TLS 1.0.

      Workaround

      Add the system property below:

      -Dmail.smtp.ssl.protocols=TLSv1.2

      Following Configuring your system properties

          Form Name

            [BAM-20910] Bamboo without TLS 1.2 select option for SMTP mail server configuration

            Eduardo Alvarenga added a comment -

            a2635199bf14 the TLSv1.2 value was updated on 23/Apr/2020. Please use this as the suggested workaround.

            Eduardo Alvarenga added a comment - a2635199bf14 the TLSv1.2 value was updated on 23/Apr/2020. Please use this as the suggested workaround.

            Hoang Van Sang added a comment -

            please let me know. i will add the content "Should be -Dmail.smtp.ssl.protocols=TLSv1.2 
            The 'v' was missing in original proposed solution." what into file?

            Hoang Van Sang added a comment - please let me know. i will add the content "Should be -Dmail.smtp.ssl.protocols=TLSv1.2  The 'v' was missing in original proposed solution." what into file?

            Hoang Van Sang added a comment -

            please let me know. i will add the content "Should be -Dmail.smtp.ssl.protocols=TLSv1.2 
            The 'v' was missing in original proposed solution." what into file?

             

            Hoang Van Sang added a comment - please let me know. i will add the content "Should be -Dmail.smtp.ssl.protocols=TLSv1.2  The 'v' was missing in original proposed solution." what into file?  

            Hoang Van Sang added a comment -

            tonight i will check on mylab. due my company install bamboo on prd. should i can't test. thank you.

            Hoang Van Sang added a comment - tonight i will check on mylab. due my company install bamboo on prd. should i can't test. thank you.

            Gerhard Forster (Inactive) added a comment -

            I just corrected that, Craig. You're right, thanks so much for your heads-up here

            Gerhard Forster (Inactive) added a comment - I just corrected that, Craig. You're right, thanks so much for your heads-up here

            Craig Solinski added a comment -

            Should be -Dmail.smtp.ssl.protocols=TLSv1.2 
            The 'v' was missing in original proposed solution.

            Craig Solinski added a comment - Should be -Dmail.smtp.ssl.protocols=TLSv1.2  The 'v' was missing in original proposed solution.

              Unassigned Unassigned
              gforster@atlassian.com Gerhard Forster (Inactive)
              Votes:
              7 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated: