
I need some help fixing an error for an application that connects to an SMTP server (Lotus Notes server). I have already tried several suggestions on SO but none of them worked. The application is able to connect to the SMTP server and do a handshake.
However, it gives an error after STARTTLS is initiated. I also commented out a line in the java.security file, as suggested on the Oracle website since we are using Java 8, but it's still not working.
I also have a small utility to check which SSL protocols are enabled, and SSLv3, TLS, TLSv1 and TLSv1.2 are all enabled. I can't understand why the server would want to use SSLv3 and then say it could not convert the socket to TLS. It doesn't make any sense.

Code Truncated

import org.apache.log4j.Logger;   // Logger.getLogger(Class) plus error(): log4j 1.x assumed
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.MailException;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.stereotype.Service;

@Service
public class ManifestEmailService {

    private static final Logger logger = Logger.getLogger(ManifestEmailService.class);

    @Autowired
    private JavaMailSender mailSender;

    // MailProperties is the poster's own holder class (sender address, subject); it is not shown in the post.
    public void sendManifestMail(MailProperties prop, String recipient, String msgBody) {

        logger.info("Creating Email Body");

        logger.info("Sender mail: " + prop.getSender() + " Sender Subject: " + prop.getMailSubject());

        SimpleMailMessage msg = new SimpleMailMessage();
        msg.setFrom(prop.getSender());
        msg.setTo(recipient);
        msg.setSubject("FHL");   // the subject from MailProperties is logged above but not used here
        msg.setText(msgBody);

        try {
            logger.info("Sending mail message");
            mailSender.send(msg);
        } catch (MailException mEx) {
            // The nested cause in this log line is the TLS handshake failure shown in the error log below
            logger.error("Problem sending email..." + mEx);
        }
    }
}

import java.util.Properties;
import org.apache.log4j.Logger;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.JavaMailSenderImpl;

@Configuration
public class ManifestoConfig {   // the 'class' keyword was missing in the post

    private static final Logger logger = Logger.getLogger(ManifestoConfig.class);

    // Location of the properties file shown below; how it is populated is truncated in the post.
    private String manifestoPropPath;

    @Bean
    public JavaMailSender getJavaMailSender() {
        JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
        FileProcessor io = new FileProcessor();   // poster's own helper, not shown in the post

        Properties props = io.loadManifestoProperties(manifestoPropPath);

        logger.info("Configure Mail Properties ... ");

        mailSender.setHost(props.getProperty("sender.mail.host"));
        mailSender.setPort(Integer.valueOf(props.getProperty("sender.mail.port")));
        mailSender.setUsername(props.getProperty("sender.mail.username"));
        mailSender.setPassword(props.getProperty("sender.mail.password"));

        // The same file is handed to JavaMail, so the mail.smtp.* keys reach the Session
        mailSender.setJavaMailProperties(props);

        return mailSender;
    }
}

Properties File

sender.mail.username=rubbishemail1@lt.com
sender.mail.password=rubbishpassword1
sender.mail.subject=FHL
sender.mail.host=smtp.lotus.server.com
sender.mail.port=25

mail.transport.protocol=smtp
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.timeout=5000
mail.smtp.ssl.enable=false
mail.debug=true

ERROR LOG

2017-05-18 11:53:27.206  INFO 4804 --- [nio-8080-exec-6] org.fhl.service.ManifestEmailService     : Sending mail message
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.lotus.server.com", port 25, isSSL false
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) ready at Thu, 18 May 2017 08:53:27 +0100
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25

EHLO client_user
250-lotus.mail.server Hello client_user ([10.210.136.6]), pleased to meet you
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 52428800
250 PIPELINING
DEBUG SMTP: Found extension "TLS", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
STARTTLS
220 Ready to start TLS
2017-05-18 11:53:28.236 ERROR 4804 --- [nio-8080-exec-6] org.fhl.service.ManifestEmailService     : Problem sending email...org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.; message exceptions (1) are:
Failed message 1: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

SSL Logs

[DEBUG] 2017-06-07 11:27:34.171 [JavaFX Application Thread] ManifestEmailService - Load Mail Properties in into Javamail Session
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "164.39.7.92", port 25, isSSL false
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) ready at Wed, 7 Jun 2017 08:27:34 +0100
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25

EHLO CHOL162
250-lotus.mail.server Hello CHOL162 ([10.210.136.21]), pleased to meet you
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 52428800
250 PIPELINING
DEBUG SMTP: Found extension "TLS", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
STARTTLS
220 Ready to start TLS
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
EHLO CHOL162
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1496754662 bytes = { 245, 148, 158, 245, 226, 89, 218, 187, 38, 214, 67, 188, 66, 204, 91, 194, 210, 37, 14, 168, 255, 103, 89, 232, 246, 99, 61, 8 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=gbahelbv3.gb.tntpost.com]
***
JavaFX Application Thread, WRITE: TLSv1 Handshake, length = 140
JavaFX Application Thread, READ: SSLv3 Handshake, length = 58
*** ServerHello, SSLv3
RandomCookie:  GMT: 1499415798 bytes = { 174, 160, 140, 96, 215, 83, 21, 198, 214, 57, 208, 183, 191, 65, 44, 179, 197, 159, 101, 44, 176, 53, 215, 81, 122, 49, 174, 189 }
Session ID:  {193, 186, 187, 85, 52, 17, 137, 84, 154, 122, 240, 123, 100, 244, 27, 22}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
JavaFX Application Thread, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
JavaFX Application Thread, WRITE: TLSv1.2 Alert, length = 2
JavaFX Application Thread, called closeSocket()
[ERROR] 2017-06-07 11:27:34.911 [JavaFX Application Thread] ManifestEmailService - Mail Message crap!!!javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
dimas

1 Answer


javax.net.ssl.SSLHandshakeException: Server chose SSLv3

This means that you connected to a server which is using an obsolete and insecure protocol version of SSL/TLS, namely SSL 3.0. This protocol is disabled in Java 8 by default for security reasons.

The best way is to fix the broken server so that it supports newer versions of SSL/TLS. Apart from that, a server supporting only SSL 3.0 is probably not only insecure regarding SSL/TLS but also has several other security problems. If upgrading the server is not an option, see How to enable SSL 3 in Java for how to work around this broken server by allowing the insecure SSL 3.0 protocol.

Steffen Ullrich
  • You can also enable SSLv3 only for this JavaMail session by setting the [`mail.smtp.ssl.protocols`](https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.protocols) property. – Bill Shannon May 18 '17 at 17:48
  • @steffen thanks for the info, I have no control over the SMTP server, which is managed by some other teams. However, there are other Java applications which connect to that SMTP server and I copied the same configuration into my properties file, but it didn't work. – dimas May 21 '17 at 07:23
  • @Bill I did what you suggested, "mail.smtp.ssl.protocols=SSLv3", but still it didn't work. – dimas May 21 '17 at 07:24
  • @dimas: you might check about disabled algorithms, see https://github.com/adamfisk/LittleProxy/issues/323 – Steffen Ullrich May 21 '17 at 08:43
  • @steffen the article refers to Java 7, but I went ahead and checked: there is a line in java.security "jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024". These protocols are older than SSLv3... I will test this later to see if it works... – dimas May 21 '17 at 13:42
  • Can you run your program with the System properties `javax.net.debug` set to `ssl` and `mail.socket.debug` set to `true`, e.g., `java -Djavax.net.debug=ssl -Dmail.socket.debug=true MyApp`. Post the debug output. – Bill Shannon May 22 '17 at 18:26
  • @BillShannon apologies took a while to get approvals and such to test it again on their premises. I've attached the SSL logs as you requested. Hope you still have time to check it. Thanks in advance – dimas Jun 07 '17 at 09:25
  • What version of JavaMail are you using? I don't see the JavaMail version in the debug output, and I don't see any of the socket debugging that would be enabled by setting mail.socket.debug. It looks like you haven't successfully configured the client to use SSLv3, perhaps because you're using a very old version of JavaMail. – Bill Shannon Jun 07 '17 at 20:14
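Two points the thread turns on, as an added example that is neither the question's code nor the answer's: on Java 8 the default SSLContext still lists SSLv3 among its supported protocols while `jdk.tls.disabledAlgorithms` in java.security keeps it out of the enabled ones, so a utility that only lists supported protocols reports "SSLv3 enabled" and misses the policy (the "not enabled or not supported by the client" in the handshake error); and the JavaMail-side alternative to re-enabling SSLv3 is to pin `mail.smtp.ssl.protocols` to TLSv1.2 and fail closed. The class and method names are my own, the host and port are the ones from the question's properties file, and `mail.smtp.starttls.required` and `mail.smtp.ssl.checkserveridentity` are standard JavaMail properties not mentioned on this page.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.Properties;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

public class TlsPolicyCheck {

    // Protocol versions the JSSE provider knows about ("supported") but does not
    // enable by default because jdk.tls.disabledAlgorithms filters them out.
    // On a stock Java 8 this set contains SSLv3: the client can speak it, but
    // policy forbids it, which is exactly what the handshake error reports.
    public static TreeSet<String> supportedButDisabled() throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        TreeSet<String> supported = new TreeSet<>(Arrays.asList(ctx.getSupportedSSLParameters().getProtocols()));
        supported.removeAll(Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()));
        return supported;
    }

    // JavaMail session properties that keep the STARTTLS upgrade on TLS 1.2 and
    // verify the server identity, instead of widening the client policy to SSLv3.
    // If the server still answers the ClientHello with SSLv3, the handshake is
    // rejected and the message is not sent: the failure is closed and logged.
    public static Properties hardenedSmtpProperties(String host, int port) {
        Properties p = new Properties();
        p.setProperty("mail.transport.protocol", "smtp");
        p.setProperty("mail.smtp.host", host);
        p.setProperty("mail.smtp.port", Integer.toString(port));
        p.setProperty("mail.smtp.auth", "true");
        p.setProperty("mail.smtp.starttls.enable", "true");
        p.setProperty("mail.smtp.starttls.required", "true");      // no STARTTLS offered -> no mail, never plaintext
        p.setProperty("mail.smtp.ssl.protocols", "TLSv1.2");        // do not list SSLv3 here
        p.setProperty("mail.smtp.ssl.checkserveridentity", "true"); // certificate must match the host name
        p.setProperty("mail.debug", "true");
        return p;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("supported but disabled by policy: " + supportedButDisabled());
        // Host and port taken from the question's properties file
        hardenedSmtpProperties("smtp.lotus.server.com", 25)
            .forEach((k, v) -> System.out.println(k + "=" + v));
    }
}
```

Run it on the JRE that actually runs the application, because the java.security file being read is per installation; that is also the quickest way to confirm whether the edit to that file the question mentions ever took effect.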