How to change the security type from SSL to TLS in Jenkins?

I am trying to setup the smtp email notification. I could see that the gmail part works fine. I want to configure it for my office 365.

Smtp server = smtp.office365.com

  • Unknown option git config --local reported by Jenkins
  • What password encryption Jenkins is using?
  • Show console output of a downstream job in upstream job
  • Being clever when copying artifacts with Jenkins and multi-configurations
  • How to get the list of credentialsId of Jenkins by rest api
  • Jenkins continually builds on Windows slave even with no repository changes
  • We don’t have SSL configured. Instead we use TLS. How can I set the TLS in the Jenkins?
    There is only a check button which suggests to use SSL or not. If I disable it what is it going to use?

    I get the following errors –

    Failed to send out e-mail
    
    javax.mail.MessagingException: Could not connect to SMTP host: smtp.office365.com, port: 587;
      nested exception is:
        javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
        at javax.mail.Service.connect(Service.java:317)
        at javax.mail.Service.connect(Service.java:176)
        at javax.mail.Service.connect(Service.java:125)
        at javax.mail.Transport.send0(Transport.java:194)
        at javax.mail.Transport.send(Transport.java:124)
        at hudson.tasks.Mailer$DescriptorImpl.doSendTestMail(Mailer.java:499)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
        at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
        at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
        at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
        at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:248)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
        at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
        at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
        at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
        at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:370)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
        at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
    Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:542)
        at sun.security.ssl.InputRecord.read(InputRecord.java:374)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:850)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
        at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
        at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238)
        at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1900)
        ... 63 more
    

  • Configure a Jenkins job to select an application and trunk/tags/branches from SVN
  • Jenkins CLI: using Anonymous permissions instead of the user defined ones
  • Protractor + xvfb + selenium test Hangs on Jenkins
  • Jenkins Failed to connect to gerrit repository (Windows installation)
  • Jenkins artifact plugin does not archive empty directories
  • github api to compare commits, response status is diverged
  • 7 Solutions collect form web for “How to change the security type from SSL to TLS in Jenkins?”

    For Jenkins on Windows, open jenkins.xml and modify the arguments node

    -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dmail.smtp.starttls.enable=true -jar “%BASE%\jenkins.war” –httpPort=8080

    Office 365 indeed requires authenticated SMTP with TLS. The SSL option in the Jenkins configuration does not help, leave it unchecked. Instead add the following system property to the Jenkins VM:

    -Dmail.smtp.starttls.enable=true
    

    For the standalone Jenkins put it in jenkins.xml from the installation folder and for Tomcat update the startup script or use tray icon on Windows.

    Then restart jenkins and you’re good to go.

    Here is what worked for me running Jenkins on CentOS. Edit /etc/sysconfig/jenkins and add the option -Dmail.smtp.starttls.enable=true to JENKINS_JAVA_OPTIONS,

    If there’s some other variable already, append -Dmail.smtp.starttls.enable=true to it, so it should be similar to the below:

    JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
    

    restart Jenkins with service jenkins restart and you should be good to go

    I run Jenkins under Ubuntu Server 14.04 and I had to adapt the previous answer which addresses CentOS distribution.

    First of all, under most Linux distribution, the configuration file for Jenkins is located at /etc/default/jenkins (see this link). I use Jenkins 2.7 and I append -Dmail.smtp.starttls.enable=true to the existant setting variable JAVA_ARGS. Finally, I ended with this:

    JAVA_ARGS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
    

    Thanks for the answers, I got it fixed. First of all, the JAVA supports by default only SSL. So, Jenkins Java options need to be set to enable TLS. Afterwards, start the Jenkins service. The problem of this permission issue occurs when you don’t give the System Admin e-mail address under the Jenkins location column. This doesn’t happen for gmail smtp. I guess office 365 has a high security. So, it allows only the registered user to send the emails.

    For me adding “-Dmail.smtp.starttls.enable=true” to java options didn’t work out of the box – Jenkins was trying to connect to the SMTP, but in the the logs at /var/log/maillog (CentOS 7.2) I’ve seen that the connection is established and then after some time (presumably after time out) postfix has reported “lost connection after CONNECT from {host_name}”. I have also connection through TLS. After some research I’ve decided to try different port – 587 – instead of default 465 and voila! – finally the test email was sent.

    SSL and TLS are, effectively, the same.

    Git Baby is a git and github fan, let's start git clone.