JIRA Throws 'unsupported or disabled protocol' Errors when Retrieving Mail
Symptoms
JIRA is unable to retrieve mail messages from a particular mail server. Errors like the following are displayed in the atlassian-jira.log
file:
2011-03-18 12:06:19,064 JiraQuartzScheduler_Worker-0 ERROR ServiceRunner Create Issue/Comment Service for <****> [service.services.mail.MailFetcherService] Create Issue/Comment Service for <****>[10040]: Error connecting to host '****' as user '****' via protocol 'pop3s': javax.mail.MessagingException: Connect failed;
nested exception is:
javax.net.ssl.SSLHandshakeException: Server chose unsupported or disabled protocol: SSLv3
javax.mail.MessagingException: Connect failed;
nested exception is:
javax.net.ssl.SSLHandshakeException: Server chose unsupported or disabled protocol: SSLv3
at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:161)
at javax.mail.Service.connect(Service.java:288)
at com.atlassian.jira.service.services.mail.MailFetcherService.run(MailFetcherService.java:149)
at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:67)
at com.atlassian.jira.service.ServiceRunner.execute(ServiceRunner.java:48)
at org.quartz.core.JobRunShell.run(JobRunShell.java:191)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)
Caused by: javax.net.ssl.SSLHandshakeException: Server chose unsupported or disabled protocol: SSLv3
Cause
The javax.mail library used by JIRA to retrieve mail messages from POP and IMAP servers does not support the SSLv3 protocol.
Resolution
The easiest way to resolve this is to enable SSLv3 by adding a startup option and restarting.
For pop3/s, you would add the following option:
-Dmail.pop3s.ssl.protocols=SSLv3
For imaps, you would add the following option:
-Dmail.imaps.ssl.protocols=SSLv3
Alternately, you can:
- configure your mail server to allow SSLv2 or TLS, both of which are supported.
- allow JIRA to use the non-SSL ports when checking mail.
- set up an stunnel connection to the mail server, and allowing JIRA to connect to the mail server via the tunnel.