Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63757

Email extension plugin cannot connect via SSL port 465

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • email-ext-plugin
    • None
    • Jenkins 2.222.3
      email-ext-plugin 2.76

      After update to 2.76 the plugin tries to connect to SMTP server port 25 by default, even if SSL is enabled and it should use port 465. This results to connection error:

      MessagingException message: Could not connect to SMTP host: smtp.example.com, port: 25
      

      If I specify port 465 manually, I get another error:

      MessagingException message: Exception reading response
      

      The only way I could get the plugin working was disabling SSL and changing port to 25. However, it is unclear does the plugin try to use STARTTLS with such settings, and is a connection secure or not.

          [JENKINS-63757] Email extension plugin cannot connect via SSL port 465

          Alex Earl added a comment -

          Does 2.75 have this issue?

          Alex Earl added a comment - Does 2.75 have this issue?

          Dmitry Mikhirev added a comment - - edited

          Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration.
          To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).

          Dmitry Mikhirev added a comment - - edited Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration. To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).

          Alex Earl added a comment -

          Ok, so it does work on 2.75. I'll look at the diff

          Alex Earl added a comment - Ok, so it does work on 2.75. I'll look at the diff

          Alex Earl added a comment -

          Alex Earl added a comment - Strange, the diff is pretty small on 2.75 -> 2.76 https://github.com/jenkinsci/email-ext-plugin/compare/email-ext-2.75...email-ext-2.76

          it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252 

          Julian Alarcon added a comment - it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252  

          Alex Earl added a comment -

          You can try setting that property to false in your Jenkins controller setup and see if it works.

          Alex Earl added a comment - You can try setting that property to false in your Jenkins controller setup and see if it works.

          Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

          Sunesh Govindaraj added a comment - Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

          Alex Earl added a comment -

          Apologies for not responding to this until now, not sure how it slipped out of my radar. Did you get this resolved?

          Alex Earl added a comment - Apologies for not responding to this until now, not sure how it slipped out of my radar. Did you get this resolved?

          I still have plugin configured to use port 25. I can try changing to 465 but what other settings should I use? I see "Use SSL" (currently disabled) and "Use TLS" (currently enabled) settings. That is rather confusing. Should these settings be "Use SMTP over TLS" and "Use STARTTLS"?

          Dmitry Mikhirev added a comment - I still have plugin configured to use port 25. I can try changing to 465 but what other settings should I use? I see "Use SSL" (currently disabled) and "Use TLS" (currently enabled) settings. That is rather confusing. Should these settings be "Use SMTP over TLS" and "Use STARTTLS"?

            Unassigned Unassigned
            bizdelnick Dmitry Mikhirev
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: