Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60222

Centos 8, not working email send - TLC error

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: email-ext-plugin
    • Labels:
      None
    • Environment:
      Centos 8, Jenkins ver. 2.205
    • Similar Issues:

      Description

      Default clean installation Centos 8 + Jenkins

      Sending emails not work. No way at all.

      I studied forums and documentation, searched in google. 

      I tryed 

       

      -Dmail.smtp.starttls.enable=true 
      

      and ssl-debug - mail not send.

      It in test-log:

      javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
       at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:169)
       at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
       at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:216)
       at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
       at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
       at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238)
       at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1900)
      Caused: javax.mail.MessagingException: Could not connect to SMTP host: smtp.yandex.ru, port: 465;
        nested exception is:
       javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
       at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
       at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
       at javax.mail.Service.connect(Service.java:317)
      ..........

      It in job-log

      Running as SYSTEM
      Building in workspace /var/lib/jenkins/workspace/test-item
      Checking for pre-build
      Executing pre-build step
      Checking if email needs to be generated
      No emails were triggered.
      [test-item] $ /bin/sh -xe /tmp/jenkins2305405028249091314.sh
      + ssh root@192.168.1.2 12124
      Host key verification failed.
      Build step 'Выполнить команду shell' marked build as failure
      Sending e-mails to: myuser@mydomain.ru
      ERROR: Could not convert socket to TLS
      javax.mail.MessagingException: Could not convert socket to TLS;
       nested exception is:
       javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
       at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
       at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
       at javax.mail.Service.connect(Service.java:317)
      ...............

      I tried to install on windows-system with identical mail settings - email has gone!

      Centos7: same actions - everything works!

      I tryed on Ubuntu - email has gone!

      i tryed another variation of accounts, potrs, SSL on/off, smtp-servers - mail is not sent.

      I launched a sniffer (wireshark) and i see:

      • jenkins send: STARTTLS 
      • snmp-server answers: 220 Go ahead
      • jenkins send TCP-FYN packen and i see web-error "protocol is disabled or cipher suites are inappropriate"

      I tryed another installation Centos 8 on another servers and I tried to do other Jenkins installations - everything starts, but mail does not work

      Please help me.

        Attachments

          Activity

          Hide
          derwin Konstantin A added a comment -

          Centos7: same actions - everything works

          Show
          derwin Konstantin A added a comment - Centos7: same actions - everything works
          Hide
          motokokusanagi Motoko Kusanagi added a comment -

          Konstantin A

          I had the same issue on Centos 8 and to get past it I made the following configuration change to /etc/sysconfig/jenkins:

          JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true -Dmail.smtp.ssl.protocols=TLSv1.2"
          

          followed by:

          sudo service jenkins restart
          

           

          Show
          motokokusanagi Motoko Kusanagi added a comment - Konstantin A I had the same issue on Centos 8 and to get past it I made the following configuration change to /etc/sysconfig/jenkins: JENKINS_JAVA_OPTIONS= "-Djava.awt.headless= true -Dmail.smtp.starttls.enable= true -Dmail.smtp.ssl.protocols=TLSv1.2" followed by: sudo service jenkins restart  
          Hide
          derwin Konstantin A added a comment -

          TLS 1.0, 1.1, 1.2 disabled by default in Centos 8 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security

           

          it works:

          1. update-crypto-policies --set LEGACY
            Setting system policy to LEGACY
            Note: System-wide crypto policies are applied on application start-up.
            It is recommended to restart the system for the change of policies
            to fully take place.
          Show
          derwin Konstantin A added a comment - TLS 1.0, 1.1, 1.2 disabled by default in Centos 8  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security   it works: update-crypto-policies --set LEGACY Setting system policy to LEGACY Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place.

            People

            • Assignee:
              slide_o_mix Alex Earl
              Reporter:
              derwin Konstantin A
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: