java.net.SocketException: Connection reset when configuring Office365 IMAP Server for Jira

Hello!

We're currently running into an issue when setting up an IMAP configuration for incoming emails on our JIRA Server.  We have an account hosted at outlook.office365.com, and we can see the following options for connecting via POP or IMAP

POP

Server name: outlook.office365.com
Port: 995
Encryption method: TLS

IMAP 

Server name: outlook.office365.com
Port: 993
Encryption method: TLS

We've used the these parameters to set up an IMAP server on our AWS Jira instance:

Protocol: SECURE_IMAP

Host Name: outlook.office365.com

IMAP Port: 993

Timeout 20000

Username: username@<domain>.com

When trying to test the connection, we receive this message: 

Unfortunately no connection was possible. Review the errors below and rectify:

• SocketException: Connection reset

We've tried the following to troubleshoot:

• change the password/unlock the account.  This allows us to log in through office365's web UI, but we still get the connection reset error.
• look at the logs.  After turning on DEBUG, we still only see the following in atlassian-jira.log (we're not seeing any useful stack traces in atlasian-jira.log or atlasian-jira-incoming-mail.log):

[c.a.j.p.mail.webwork.VerifyMailServer] Unable to connect to the server at outlook.office365.com due to the following exception: java.net.SocketException: Connection reset

• Test connectivity using openssl s_client
  • we used the following command to test the connection: 

  • openssl s_client -connect outlook.office365.com:993 -crlf -servername outlook.office365.com

  • I'm able to connect to the server on my laptop:

  • subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
    issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
    ---
    No client certificate CA names sent
    Peer signing digest: SHA1
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3863 bytes and written 461 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated

     

  • However, running the same command from my EC2 instance in AWS does not result in a connection

  • CONNECTED(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 319 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
     Protocol : TLSv1.2
     Cipher : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Key-Arg : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     Start Time: 1546003282
     Timeout : 300 (sec)
     Verify return code: 0 (ok)
    --- 

Has anyone run into similar issues? 

UPDATE:

After doing a little bit of testing, it looks like I can connect to outlook.office365.com IMAP from an instance in a public subnet.  However, our Jira instance is located in a private subnet.  Has anyone tried configuring an IMAP server for a Jira instance hosted in a private subnet?  Thanks again!