Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63757

Email extension plugin cannot connect via SSL port 465

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: email-ext-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.222.3
      email-ext-plugin 2.76
    • Similar Issues:

      Description

      After update to 2.76 the plugin tries to connect to SMTP server port 25 by default, even if SSL is enabled and it should use port 465. This results to connection error:

      MessagingException message: Could not connect to SMTP host: smtp.example.com, port: 25
      

      If I specify port 465 manually, I get another error:

      MessagingException message: Exception reading response
      

      The only way I could get the plugin working was disabling SSL and changing port to 25. However, it is unclear does the plugin try to use STARTTLS with such settings, and is a connection secure or not.

        Attachments

          Activity

          Hide
          slide_o_mix Alex Earl added a comment -

          Does 2.75 have this issue?

          Show
          slide_o_mix Alex Earl added a comment - Does 2.75 have this issue?
          Hide
          bizdelnick Dmitry Mikhirev added a comment - - edited

          Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration.
          To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).

          Show
          bizdelnick Dmitry Mikhirev added a comment - - edited Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration. To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).
          Hide
          slide_o_mix Alex Earl added a comment -

          Ok, so it does work on 2.75. I'll look at the diff

          Show
          slide_o_mix Alex Earl added a comment - Ok, so it does work on 2.75. I'll look at the diff
          Hide
          slide_o_mix Alex Earl added a comment -
          Show
          slide_o_mix Alex Earl added a comment - Strange, the diff is pretty small on 2.75 -> 2.76 https://github.com/jenkinsci/email-ext-plugin/compare/email-ext-2.75...email-ext-2.76
          Hide
          julian_alarcon Julian Alarcon added a comment -

          it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252 

          Show
          julian_alarcon Julian Alarcon added a comment - it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252  
          Hide
          slide_o_mix Alex Earl added a comment -

          You can try setting that property to false in your Jenkins controller setup and see if it works.

          Show
          slide_o_mix Alex Earl added a comment - You can try setting that property to false in your Jenkins controller setup and see if it works.
          Hide
          sunesh Sunesh Govindaraj added a comment -

          Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

          Show
          sunesh Sunesh Govindaraj added a comment - Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            bizdelnick Dmitry Mikhirev
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: