Unable to send mails - TLS/Java error

vaday September 24, 2020

All other services work perfectly except BITBUCKET. Recently, the mail service stopped and the log reflects below (Office 365)

 

org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: A potential protocol version downgrade attack. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: A potential protocol version downgrade attack
at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:448)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:361)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:378)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:366)
at com.atlassian.stash.internal.mail.MailServiceImpl.sendMessageSynchronously(MailServiceImpl.java:286)
at com.atlassian.stash.internal.mail.MailServiceImpl.lambda$submit$0(MailServiceImpl.java:162)
at com.atlassian.stash.internal.concurrent.StateTransferringRunnable.run(StateTransferringRunnable.java:50)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.lang.Thread.run(Unknown Source)
... 1 frame trimmed
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2064)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:724)
at javax.mail.Service.connect(Service.java:366)
at org.springframework.mail.javamail.JavaMailSenderImpl.connectTransport(JavaMailSenderImpl.java:518)
at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:437)
... 11 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: A potential protocol version downgrade attack
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.ServerHello$ServerHelloConsumer.onServerHello(Unknown Source)
at sun.security.ssl.ServerHello$ServerHelloConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:525)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2059)
... 15 common frames omitted

 

1 answer

1 accepted

2 votes
Answer accepted
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 25, 2020

Hi @vaday 

Sorry to hear about this problem.  I did some searching on this error and I came across this bug: BSERV-11889.  It appears that Bitbucket server, by default is not enforcing TLS 1.2, and there is a known change that has recently been implemented by Office 365 to deprecate the older 1.0 and 1.1 versions of TLS. I suspect that Bitbucket is trying to use a different version of this protocol that is not being accepted by the mail host (Office 365).

The good news is that there is a work-around you can follow in order to force Bitbucket to always connect using the 1.2 version of that protocol by editing the bitbucket.properties file:

Workaround:

  1. Add the following setting to bitbucket.properties:
    mail.crypto.protocols=TLSv1.2
    
  2. Restart Bitbucket

Try these steps and let me know if this helps.

Andy

vaday September 26, 2020

Andy, thanks. I was trying the same but from JAVA side and it did not work. It works with above solution. Very helpful.

Like Andy Heinzer likes this
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 28, 2020

Thanks @vaday.  If this solved your problem here, please click the Accept Answer button.  This will help to mark the question as answered, and in turn can help other users that might run across the same error.

Cheers,

Andy

Like vaday likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.6.0
TAGS
AUG Leaders

Atlassian Community Events