-
Bug
-
Resolution: Fixed
-
Highest
-
6.7.0
-
15
-
Severity 2 - Major
-
102
-
Problem Definition
Currently TLS1.1 is used when email notifications are sent from Bitbucket to Office365, as Office365 incorrectly handles protocol negotiation when SSLv2Hello is a client-supported protocol.
If using Java 11, this causes an exception due to the protocol being downgraded, and emails are not able to be sent at all.
Office 365 will deprecate definitively TLS 1.0 and TLS 1.1 soon.
Suggested Solution
Remove SSLv2Hello from the supported mail protocols Bitbucket Mail Server SMTP Protocol.
Workaround:
- Ensure that SSLv2Hello is not part of the supported mail protocols by adding the following setting to bitbucket.properties:
mail.crypto.protocols=TLSv1.2
- Restart Bitbucket
- is incorporated by
-
-
- Closed
-
- duplicates
-
BBSDEV-23180 You do not have permission to view this issue
- mentioned in
-
Page Failed to load
-
Page Failed to load
-
Page Loading...
-
-
-
-
-
-
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
[BSERV-11889] Bitbucket fails to send mail to Office365 when using Java 11
Hi 697995402c23,
I have had a look at the fix applied in 7.8. It appears the bug is actually in Office 365 and we were able to work around it by removing support for SSLv2Hello. As a policy we do not remove support for things (i.e. SSLv2Hello) in a bugfix version, but in a minor release this is a more reasonable thing to do. See the 7.8 release notes: https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-7-8-release-notes-1027130356.html
The above decision was obviously taken knowing there is a very simple workaround for anyone running 7.7 or prior.
> Or another question is why are some versions marked as LTS and contains bugs that are already resolved in another versions?
Please see the following document that describes what fixes are made to LTS releases:
https://confluence.atlassian.com/enterprise/long-term-support-releases-948227420.html
Hi
Can anyone explain me why this bug is not part of LTS versions?
I have encountered same problem in 7.6.8 (Long Term Support) released on 07-Jul-2021.
Or another question is why are some versions marked as LTS and contains bugs that are already resolved in another versions?
The workaround with setting of mail.crypto.protocols helps.
Thanks for your help Bryan. Now it is working only using TLS 1.2
Regards,
Sergio
The issue description includes a workaround that others have indicated worked for them, and is available in existing Bitbucket Server releases. Try setting mail.crypto.protocols=TLSv1.2 in bitbucket.properties and restarting Bitbucket Server. If that doesn't help, please let us know.
Best regards,
Bryan Turner
Atlassian Bitbucket
Hello,
Any update about use TLS 1.2 currently in Bitbucket server?
Thanks,
Sergio
Any ETA on "soon"?
I may have just run into this one as well. Is there a way to use TLS 1.2 as of today?
Hey nij - Sorry for leading you astray. I expect we'll get to this soon, so we should have a solution soon.
Hi Brent,
tested now.
The startup of Bitbucket is done with this parameters :
/opt/jre1.8.0_71/bin/java -classpath /opt/atlassian/bitbucket/6.4.1/app -Datlassian.standalone=BITBUCKET -Dbitbucket.home=/area1/atlassian/application-data/bitbucket -Dbitbucket.install=/op
t/atlassian/bitbucket/6.4.1 -Xms512m -Xmx1g -XX:+UseG1GC -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 -Djava.io.tmpdir=/area1/atlassian/application-data/bitbucket/tmp -Djava.library.path=/opt/atlassian/bitbucket/6.4.1/lib/native;/area1
/atlassian/application-data/bitbucket/lib/native -Dmail.smtp.ssl.protocols=TLSv1.2 com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher start
But unfortunately, it doesn't work. The mail are always sent using TLSv1.1
Br,
Hi Ben Humphreys,
Thx for clarification. Now I understand what LTS in Atlassian means.
Link to article explain it better when I compare it to short info under question mark next to the version.