SSLException on STARTTLS mail server (OD-169)
zir0h opened 6 years ago

Hello! Thanks for creating this software.

I had an issue when sending mails via mailcow. The postfix config only allows TLSv1.2 and above. When sending an email with the default wrapper.conf I got the following stack trace:

onedev_1  | java.lang.RuntimeException: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.ziroh.be:587
onedev_1  |     at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:126) ~[io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     at io.onedev.server.web.page.admin.mailsetting.MailSettingPage$2.runTask(MailSettingPage.java:72) ~[io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     at io.onedev.server.web.component.taskbutton.TaskButton$1.call(TaskButton.java:82) [io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     at io.onedev.server.web.component.taskbutton.TaskButton$1.call(TaskButton.java:74) [io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_252]
onedev_1  |     at io.onedev.server.security.SecurityUtils$1.run(SecurityUtils.java:317) [io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_252]
onedev_1  |     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_252]
onedev_1  |     at java.lang.Thread.run(Thread.java:748) [na:1.8.0_252]
onedev_1  | Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.ziroh.be:587
onedev_1  |     at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1421) ~[org.apache.commons.commons-email-1.4.jar:1.4]
onedev_1  |     at org.apache.commons.mail.Email.send(Email.java:1448) ~[org.apache.commons.commons-email-1.4.jar:1.4]
onedev_1  |     at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:124) ~[io.onedev.server-core-3.2.1.jar:na]
onedev_1  |     ... 8 common frames omitted
onedev_1  | Caused by: javax.mail.MessagingException: Could not convert socket to TLS
onedev_1  |     at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at javax.mail.Service.connect(Service.java:317) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at javax.mail.Service.connect(Service.java:176) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at javax.mail.Service.connect(Service.java:125) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at javax.mail.Transport.send0(Transport.java:194) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at javax.mail.Transport.send(Transport.java:124) ~[javax.mail.mail-1.4.7.jar:1.4.7]
onedev_1  |     at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[org.apache.commons.commons-email-1.4.jar:1.4]
onedev_1  |     ... 10 common frames omitted
onedev_1  | Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version
onedev_1  |     at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) ~[na:1.8.0_252]
onedev_1  |     at sun.security.ssl.Alerts.getSSLException(Alerts.java:159) ~[na:1.8.0_252]
onedev_1  |     at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2041) ~[na:1.8.0_252]
onedev_1  |     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1145) ~[na:1.8.0_252]
onedev_1  |     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[na:1.8.0_252]

Adding the following line to /opt/onedev/conf/wrapper.conf seems to work around the issue (not sure if it's the right solution).

wrapper.java.additional.20=-Dmail.smtp.ssl.protocols=TLSv1.2

Tested on v3.2.1 with docker, STARTTLS checkbox enabled, mail authentication enabled.

Have a nice day!

  • Robin Shen commented 6 years ago

    Thanks a lot for the investigation. Which JDK version are you using?

  • zir0h commented 6 years ago

    I'm using the one that's embedded in the docker image (1dev/server:latest)

    openjdk version "1.8.0_252"
    OpenJDK Runtime Environment (build 1.8.0_252-8u252-b09-1~18.04-b09)
    OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
    
  • Robin Shen commented 6 years ago

    It turns out that the JavaMail version used in OneDev only supports up to TLSv1. Upgraded to the latest JavaMail version, and TLSv1.2 is the default protocol now.

  • OneDev changed state to 'Closed' 6 years ago
    Previous Value: Open
    Current Value: Closed
  • OneDev changed state to 'Released' 6 years ago
    Previous Value: Closed
    Current Value: Released
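
Added example (not part of the original thread and not OneDev's code): one way to pin the STARTTLS protocol versions per mail session instead of through a JVM-wide -D flag, using the same mail.smtp.ssl.protocols property as the workaround above. The class name, the allow-list and the host mail.example.org are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLContext;

// Hypothetical helper: builds JavaMail SMTP properties that restrict STARTTLS
// to modern TLS versions the running JVM can actually negotiate.
public class SmtpTlsProps {
    // Assumption: the server accepts TLSv1.2 and above only, as in the report.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    static Properties build(String host, int port) throws NoSuchAlgorithmException {
        // Protocol versions this JVM's default TLS provider supports at all.
        List<String> supported = Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols());
        List<String> usable = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) {
                usable.add(p);
            }
        }
        if (usable.isEmpty()) {
            // Fail at configuration time rather than with a handshake alert later.
            throw new IllegalStateException(
                    "JVM supports none of " + ALLOWED + ", only " + supported);
        }
        Properties props = new Properties();
        props.setProperty("mail.smtp.host", host);
        props.setProperty("mail.smtp.port", Integer.toString(port));
        props.setProperty("mail.smtp.auth", "true");
        props.setProperty("mail.smtp.starttls.enable", "true");
        // Abort instead of sending in plaintext when the upgrade is not offered.
        props.setProperty("mail.smtp.starttls.required", "true");
        // Whitespace-separated list; same property as the wrapper.conf workaround.
        props.setProperty("mail.smtp.ssl.protocols", String.join(" ", usable));
        // Check the server certificate against the host name being connected to.
        props.setProperty("mail.smtp.ssl.checkserveridentity", "true");
        return props;
    }

    public static void main(String[] args) throws Exception {
        // mail.example.org is a constructed placeholder host.
        Properties props = build("mail.example.org", 587);
        props.forEach((k, v) -> System.out.println(k + "=" + v));
    }
}
```

The returned Properties object is what would be passed to javax.mail.Session.getInstance(props); on a JVM without TLSv1.3 support the protocol list reduces to TLSv1.2.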
Type: Bug
Priority: Minor
Reference: OD-169