Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63757

Email extension plugin cannot connect via SSL port 465

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • email-ext-plugin
    • None
    • Jenkins 2.222.3
      email-ext-plugin 2.76

      After update to 2.76 the plugin tries to connect to SMTP server port 25 by default, even if SSL is enabled and it should use port 465. This results to connection error:

      MessagingException message: Could not connect to SMTP host: smtp.example.com, port: 25
      

      If I specify port 465 manually, I get another error:

      MessagingException message: Exception reading response
      

      The only way I could get the plugin working was disabling SSL and changing port to 25. However, it is unclear does the plugin try to use STARTTLS with such settings, and is a connection secure or not.

          [JENKINS-63757] Email extension plugin cannot connect via SSL port 465

          Dmitry Mikhirev created issue -

          Alex Earl added a comment -

          Does 2.75 have this issue?

          Alex Earl added a comment - Does 2.75 have this issue?

          Dmitry Mikhirev added a comment - - edited

          Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration.
          To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).

          Dmitry Mikhirev added a comment - - edited Well, I've noticed this after update to 2.76. This does not mean that everything was working absolutely correctly before, but it worked with my configuration. To be honest, I'm not sure if it was working after update 2.74→2.75, but I was able to get working configuration after downgrade 2.76→2.75 (I only had to manually specify port 465).

          Alex Earl added a comment -

          Ok, so it does work on 2.75. I'll look at the diff

          Alex Earl added a comment - Ok, so it does work on 2.75. I'll look at the diff

          Alex Earl added a comment -

          Alex Earl added a comment - Strange, the diff is pretty small on 2.75 -> 2.76 https://github.com/jenkinsci/email-ext-plugin/compare/email-ext-2.75...email-ext-2.76
          Julian Alarcon made changes -
          Attachment New: image-2020-10-06-11-01-51-593.png [ 52782 ]

          it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252 

          Julian Alarcon added a comment - it could be small but it has a big change at SSL/security checks, it seems related with SECURITY-1851 / CVE-2020-2253 and SECURITY-1813 / CVE-2020-2252  

          Alex Earl added a comment -

          You can try setting that property to false in your Jenkins controller setup and see if it works.

          Alex Earl added a comment - You can try setting that property to false in your Jenkins controller setup and see if it works.
          Sunesh Govindaraj made changes -
          Attachment New: image-2020-10-13-09-56-47-353.png [ 52933 ]

          Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

          Sunesh Govindaraj added a comment - Would like to understand how to verify a server's identity. Adding the certificate to the default JAVA keystore under `$JAVA_HOME/jre/lib/security/cacerts` did not seem to work. This is the error I am seeing,

            Unassigned Unassigned
            bizdelnick Dmitry Mikhirev
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: