Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Alert Publisher and SMTPS TLSv1.2

Alert Publisher and SMTPS TLSv1.2

Explorer

Hello everyone,

 

I have recently tested disabling old TLS protocols in order to try and force the usage of TLSv1.2 in encrypted communications. As per the knowledge base, the procedure involves changing a few settings, one of which, is the jdk.tls.disabledAlgorithms property in the java.security file.

 

When disabling TLSv1, the Alert Publisher fails to send e-mails to the configured mail server and the following message can be seen in the logs:

 

 

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
	at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:503)
	at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:234)
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1672)
	... 34 more

I successfuly connected to the Mail Server with openssl s_client tls1_2. Is this a valid test in this context?

 

I have also tried setting the -Djdk.tls.client.protocols=TLSv1.2 in the Java Configuration Options to no avail. 

 

This is occuring in CM 5.15.1. 

 

Is this expected behaviour from Alert Publisher?

 

Best regards,
Gil Pinheiro.