Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.8.7
-
None
-
Minor
-
1
-
Description
Issue Summary
In FIsheye 4.8.7 we use javax.mail-1.6.2.jar to support TLS1.2 for mail. Due to dependencies from other packages, mail-1.4.jar is still included and can cause issues with sending mail if not explicitly removed.
Steps to Reproduce
- Configure SMTP in Fisheye with the option Use SSL/TLS=true
- Send a test mail using a mail server that does not support TLS1.0,1.1 (such as Office365)
Expected Results
Mail gets sent successfully
Actual Results
Test mail fails
The below exception is thrown in the atlassian-fisheye.log file:
nested exception is:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420) [mail-1.4.jar:1.4]
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408) [mail-1.4.jar:1.4]
at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:847) [mail-1.4.jar:1.4]
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:384) [mail-1.4.jar:1.4]
In this case, the mail-1.4.jar was picked up, instead of the correct 1.6.2. Since mail-1.4 does not support TLS1.2, the exception No appropriate protocol (protocol is disabled or cipher suites are inappropriate) is thrown
Workaround
- Remove mail-1.4.jar from $FISHEYE_INSTALLATION/lib
- Restart Fisheye
