stackoom
  简体   繁体   中英

How to force JavaMailSenderImpl to use TLS1.2?

 原文  2017-11-07 19:58:07       java/ email/ smtp/ tls1.2

Question

Have a JDK7 app running on Tomcat and it does have the following env settings:

-Dhttps.protocols=TLSv1.1,TLSv1.2

The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.

We also use the org.springframework.mail.javamail. JavaMailSenderImpl class to send outgoing SMTP email, and use these props: 

 mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true

The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Is there a settings or code change that will force the TLS1.2 protocol?

I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps

-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false

4 answers

solution1
 29 ACCPTED  2017-12-08 18:42:55

This is the fix for the next guy looking:

mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;

solution2
 6  2020-04-17 07:42:06

It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail version in the app dependencies was 1.4. You must upgrade to at least 1.5.

solution3
 2  2022-03-30 11:05:11

An update to the most recent version (1.6.2.) of Java Mail also fixes the issue. In my case I upgraded from:

<dependency>
    <groupId>javax.mail</groupId>
    <artifactId>mail</artifactId>
    <version>1.5.0-b01</version>
</dependency>

to:

<dependency>
    <groupId>com.sun.mail</groupId>
    <artifactId>javax.mail</artifactId>
    <version>1.6.2</version>
</dependency>

This fixed the error

javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2

I was getting from an Outlook SMTP-Server. No property changes needed.

solution4
 1  2021-07-06 18:46:41

I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.

After I updated my dependency like this

<dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.5.0-b01</version>
</dependency>

and I updated my JavaMailSenderImpl with

Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);

I saw the Received fatal alert: protocol_version error resolve.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to force TLS1.2 with SSLPoke How to set TLS1.2 version in Java TLS1.2 support with Java 6 How to upgrade http protocol TLS1.2 in groovy application How to establish a connection with TLS1.2 protected oracle server? How to enforce TLS1.2 to Rest client using Rest Template How to force Commons HTTPClient 3.1 to use TLS 1.2 only for HTTPS? Spring Boot + Jetty + TLS1.2 (HTTPS) Create ActiveMQ Connection on TLS1.2 BPM 8.0 support TLS1.2?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM