I have a Java application using the Spring JavaMailSenderImpl. When I run it under Eclipse it sends mail fine, but when I run it from the Windows command line I get:

Exception in thread "main" org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset; message exception details (1) are:
Failed message 1:
javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)

The mail sender bean is defined as:

    <bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
        <property name="host" value="xxx" />
        <property name="username" value="xxx" />
        <property name="password" value="xxx" />
        <property name="javaMailProperties">
            <props>
                <prop key="mail.smtp.auth">true</prop>
                <prop key="mail.debug">true</prop>
                <prop key="mail.smtp.port">587</prop>
                <prop key="mail.smtp.starttls.enable">true</prop>
                <prop key="mail.smtp.ssl.trust">xxx</prop>
            </props>
        </property>
    </bean>

When I run the failing application with -Djavax.net.debug=all I get:

*** ClientHello, TLSv1
RandomCookie:  GMT: 1444872267 bytes = { 11, 176, 76, 50, 109, 72, 37, 170, 87, 187, 17, 29, 131, 177, 0, 222, 129, 223, 21, 127, 165, 248, 122, 127, 39, 133, 190, 14 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=    <cut>]
***
[write] MD5 and SHA1 hashes:  len = 171
0000: 01 00 00 A7 03 01 56 1F   00 4B 0B B0 4C 32 6D 48  ......V..K..L2mH
0010: 25 AA 57 BB 11 1D 83 B1   00 DE 81 DF 15 7F A5 F8  %.W.............
0020: 7A 7F 27 85 BE 0E 00 00   1E C0 09 C0 13 00 2F C0  z.'.........../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 00 FF 01   00 00 60 00 0A 00 34 00  ..........`...4.
0050: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............
0060: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................
0070: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................
0080: 08 00 16 00 0B 00 02 01   00 00 00 00 1E 00 1C 00  ................
<cut>
main, WRITE: TLSv1 Handshake, length = 171
[Raw write]: length = 176
0000: 16 03 01 00 AB 01 00 00   A7 03 01 56 1F 00 4B 0B  ...........V..K.
0010: B0 4C 32 6D 48 25 AA 57   BB 11 1D 83 B1 00 DE 81  .L2mH%.W........
0020: DF 15 7F A5 F8 7A 7F 27   85 BE 0E 00 00 1E C0 09  .....z.'........
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 08 C0 12  .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16   00 13 00 FF 01 00 00 60  ...............`
0050: 00 0A 00 34 00 32 00 17   00 01 00 03 00 13 00 15  ...4.2..........
0060: 00 06 00 07 00 09 00 0A   00 18 00 0B 00 0C 00 19  ................
0070: 00 0D 00 0E 00 0F 00 10   00 11 00 02 00 12 00 04  ................
0080: 00 05 00 14 00 08 00 16   00 0B 00 02 01 00 00 00  ................
<cut>
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
Exception in thread "main" org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset; message exception details (1) are:
Failed message 1:
javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: Connection reset
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)

Given the lack of response to the Client_Hello I had assumed the output message was being blocked, but I've tried temporarily disabling the Windows Firewall and the Avast antivirus without change. (Not totally surprised as a Python app can send mail using the same server without problems.)

A Wireshark trace seems (I'm not a protocol expert...) to show a reject message from the host:

[image: wireshark trace]

Looking at the Client_Hellos I see a much smaller list of Cipher Suites in the Failing one:

[image: Failing Client_Hello]

than the successful one:

[image: OK Client_Hello]

Could this be a reason the Client_Hello is rejected?

What might cause the application to behave differently when run from the command line?

Ian
  • Eclipse has JDK1.8.0_20 installed; java -version responds: build 1.8.0_60-b27. I tried installing "(JCE) Unlimited Strength Jurisdiction Policy Files" as recommended [here](http://stackoverflow.com/questions/30758303/problems-connecting-via-https-ssl-through-own-java-client) but it made no difference and I've now backed it out. – Ian Oct 15 '15 at 04:15
  • Perhaps Eclipse is overriding some part of the SSL configuration? When you added the policy file, did the client advertise all the cipher suites you see under Eclipse? Are you connecting to some old server that might be sensitive to which cipher suites are available? Eclipse seems to be advertising the old and vulnerable cipher suites. There might be a java command line option to do that as well. – Bill Shannon Oct 15 '15 at 06:54
  • With those policy files installed I get a different set of cipher suites again, NOT including all those advertised under Eclipse [see here](http://i58.tinypic.com/2nrd8xd.jpg). I'm connecting to a mail server on a shared server run by cirtex.com: I really have no idea how up-to-date it is. I see that on the Server Hello on a successful test the cipher suite chosen is: TLS_RSA_WITH_RC4_128_SHA (0x0005). – Ian Oct 15 '15 at 13:39
  • @BillShannon: I think you may have identified the problem. It seems like the java.security file in JRE 1.8.0_60 has a jdk.tls.disabledAlgorithms which includes RC4, whereas that in JDK 1.8.0_20 does not. However I've so far been unsuccessful in overriding that to prove it. – Ian Oct 15 '15 at 14:54
  • This is what I've done: I'm invoking my program with "-Djava.security.properties=my.java.security". The file my.java.security contains the single line "jdk.tls.disabledAlgorithms=SSLv3". IIUC this still doesn't make the cipher available so, to the JavaMailProperties, I've added TLS_RSA_WITH_RC4_128_SHA. This gets me a runtime exception: Unsupported ciphersuite TLS_RSA_WITH_RC4_128_SHA. – Ian Oct 15 '15 at 15:58
  • The java.security.properties property might need an absolute path name. Also, try SSL_RSA_WITH_RC4_128_SHA for the JavaMail property. More info about supported cipher suites is [here](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html). – Bill Shannon Oct 16 '15 at 18:38
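
An added diagnostic, not code from the thread: run it once from Eclipse and once from the command line to see which JRE is executing, its `jdk.tls.disabledAlgorithms` value, and whether the two RC4 suite names mentioned in the comments are offered by the default JSSE context. The class name `TlsClientProfile` is an assumption.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added diagnostic; the class name TlsClientProfile is an assumption.
public class TlsClientProfile {

    // Classify a suite name against this runtime's default JSSE context.
    static String status(String suite, Set<String> enabled, Set<String> supported) {
        if (enabled.contains(suite)) return "enabled by default";
        if (supported.contains(suite)) return "supported, not enabled by default";
        return "unknown to this runtime under that name";
    }

    public static void main(String[] args) throws Exception {
        // Eclipse and the shell may launch different JREs; record which one this is.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        // The security property the comments identify as differing between builds.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters def = ctx.getDefaultSSLParameters();
        SSLParameters sup = ctx.getSupportedSSLParameters();
        Set<String> enabled = new LinkedHashSet<>(Arrays.asList(def.getCipherSuites()));
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(sup.getCipherSuites()));

        System.out.println("enabled protocols = " + Arrays.toString(def.getProtocols()));
        System.out.println("enabled cipher suites (" + enabled.size() + "):");
        for (String s : enabled) {
            System.out.println("  " + s);
        }

        // Suite names to look up: command-line arguments, or the two spellings
        // of the RC4 suite that appear in the thread.
        String[] wanted = args.length > 0 ? args
                : new String[] {"TLS_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA"};
        for (String suite : wanted) {
            System.out.println(suite + ": " + status(suite, enabled, supported));
        }
    }
}
```

Diff the two outputs: a different `java.home` or `jdk.tls.disabledAlgorithms` value between the Eclipse run and the command-line run accounts for a ClientHello that differs between them.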

2 Answers

0

It seems like you're confused over whether you're using port 587 or port 465. Try getting rid of all the socket factory settings and see if that helps.

Bill Shannon
  • The socket factory settings are actually commented out: I've deleted them from the source extract to make it less confusing. – Ian Oct 15 '15 at 03:03
0

Did you check that Eclipse and the command line both use the same javax.mail version? I've had almost the same stacktrace as you with a 1.5.something version. It was fixed at least with 1.6.0. Give it a try!

bastian