-
Bug
-
Resolution: Not a bug
-
Low
-
None
-
7.2.2
-
None
-
1
-
Severity 3 - Minor
-
2
-
Problem Definition
When spinning up a Bitbucket instance from the official docker image, we can see that it is using adoptopenjdk:8-hotspot.
This version does not support TLSv1.3
When we try to force bitbucket to use TLSv1.3 for the Bitbucket Mail Server SMTP Protocol as follow:
mail.crypto.protocols=TLSv1.3
Or
mail.crypto.protocols=TLSv1.2 TLSv1.3
we get the following error message on the application logs:
2020-06-03 23:00:14,699 ERROR ... "POST /admin/mail-server HTTP/1.1" bitbucket.mail-log Sending mail failed. Please verify the mail server configuration and check the logs for details; recipient: email@email.com; subject: Test - Test email for SMTP configuration org.springframework.mail.MailSendException: Mail server connection failed; nested exception is java.lang.IllegalArgumentException: TLSv1.3. Failed messages: java.lang.IllegalArgumentException: TLSv1.3 at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:448) ... trimmed Caused by: java.lang.IllegalArgumentException: TLSv1.3 at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) ... omitted
Suggested Solution
Knowing that TLS 1.0 and TLS 1.1 are continuously getting deprecated and TLSv1.3 is more and more used, it is important to ensure that the official docker image allows using TLSv1.3.
Workaround
Currently, the most secure TLS protocol that can be configured and used is TLSv1.2
mail.crypto.protocols=TLSv1.2
- relates to
-
-
- Closed
-
- mentioned in
-
Page Loading...