Ravuri Sushma sree created AMBARI-25829:
-------------------------------------------
Summary: Ambari e-mail notifications won't go through - "Unable to
dispatch notification via Email"
Key: AMBARI-25829
URL: https://issues.apache.org/jira/browse/AMBARI-25829
Project: Ambari
Issue Type: Bug
Reporter: Ravuri Sushma sree
With recent versions of Java, On enabling Ambari e-mail notifications
Alerts won't go through due to incompatibilty of TLS versions between the Java
and Ambari Server.
In Ambari Server logs we can see logs in Exception Trace :
Could not convert socket to TLS javax.mail.MessagingException: Could not
convert socket to TLS
"Unable to dispatch notification via Email"
Ambari Server uses older TLS Versions i.e TLSv1 and TLSv1.1 to send e-mail
notifications of Alerts. Beginning from April 2021 releases of OpenJDK TLS 1.0
and TLS 1.1 disabled by default because of which Ambari Server fails to
dispatch the e-mail to the customers
We can confirm if our cluster's JDK has disabled TLSv1 and TLSv1.1 by default
from the below mentioned steps.
echo $JAVA_HOME
Open the java.security file
$JAVA_HOME/jre/lib/security/java.security
Check for the configuration which says "jdk.tls.disabledAlgorithms" if it looks
something like below, TLS versions v1 and v1.1 are disabled by default :
jdk.tls.disabledAlgorithms=SSLv3,TLSv1, TLSv1.1, RC4, DES, MD5withRSA
Mitigation
This issue can be mitigated by adding a property in Amabari UI's Message
Notifications settings
Steps to add the property :
Alerts
ManageNotifications
Edit (Edit Notification)
Click on Add Property to add a new property as "mail.smtp.ssl.protocols" and
value would be "TLSv1.2"
But this needs to be fixed at the code level
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
