Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to force JavaMailSenderImpl to use TLS1.2?

Have a JDK7 app running on Tomcat and it does have the following env settings:

-Dhttps.protocols=TLSv1.1,TLSv1.2 

The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.

We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props:

 mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true

The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Is there a settings or code change that will force the TLS1.2 protocol?

I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps

-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false
like image 503
Sunny Avatar asked Nov 07 '17 19:11

Sunny


4 Answers

This is the fix for the next guy looking:

mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;
like image 101
Sunny Avatar answered Nov 02 '22 20:11

Sunny


It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail version in the app dependencies was 1.4. You must upgrade to at least 1.5.

like image 44
Vojtěch Zavřel Avatar answered Nov 02 '22 21:11

Vojtěch Zavřel


I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.

After I updated my dependency like this

<dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.5.0-b01</version>
</dependency>

and I updated my JavaMailSenderImpl with

Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);

I saw the Received fatal alert: protocol_version error resolve.

like image 10
dfritch Avatar answered Nov 02 '22 19:11

dfritch


An update to the most recent version (1.6.2.) of Java Mail also fixes the issue. In my case I upgraded from:

<dependency>
    <groupId>javax.mail</groupId>
    <artifactId>mail</artifactId>
    <version>1.5.0-b01</version>
</dependency>

to:

<dependency>
    <groupId>com.sun.mail</groupId>
    <artifactId>javax.mail</artifactId>
    <version>1.6.2</version>
</dependency>

This fixed the error

javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2

I was getting from an Outlook SMTP-Server. No property changes needed.

like image 1
yankee Avatar answered Nov 02 '22 19:11

yankee