Closed adkinsn closed 8 months ago
Thanks for the issue @adkinsn . Posted this reply in slack. We can also continue conversation here.
I am assuming you are running clowder using docker compose?
If so, can you try the following. In the docker-compose.yml add the following command session. Replace smtp.ncsa.illinois.edu with the AWS mail server. Restart stack with docker compose down and docker compose up. Please let us know if that works. Thank you.
clowder:
image: clowder/clowder:${CLOWDER_VERSION:-latest}
command:
- /home/clowder/clowder.sh
- -Dmail.smtps.ssl.protocols=TLSv1.2
- -Dmail.smtps.ssl.trust=smtp.ncsa.illinois.edu
@adkinsn we have built a new docker image that upgrades the versions of java. Can you try deploying clowder/clowder:PR-434
and see if it works? Can you try both with and without the command flags? So:
clowder:
image: clowder/clowder:PR-434
command:
- /home/clowder/clowder.sh
- -Dmail.smtps.ssl.protocols=TLSv1.2
- -Dmail.smtps.ssl.trust=smtp.ncsa.illinois.edu
and no command:
clowder:
image: clowder/clowder:PR-434
Please make sure to do docker compose down
and docker compose up
. Not docker compose stop
.
Let us know how it goes. Thank you.
We were able to resolve this issue by just adding the TLSv1.2 to the current 1.22.0 version. Upgrading the Java version was not required. That being said we might want to do that in a future release anyways. Current working docker file running on AWS looks like this:
clowder:
image: clowder/clowder:${CLOWDER_VERSION:-latest}
command:
- /home/clowder/clowder.sh
- -Dmail.smtp.ssl.protocols=TLSv1.2
AWS now requires TLS 1.2 and higher. Please see below. We need to update the Clowder code to use TLS 1.2 in the email code. Here is the error from the log. We are using Amazon SES to send emails. This is definitely a big blocker for us because users can't sign up to use our Clowder instance.
Caused by: com.sun.mail.smtp.SMTPSendFailedException: 554 Access denied: Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support