21

Have a JDK7 app running on Tomcat and it does have the following env settings:

-Dhttps.protocols=TLSv1.1,TLSv1.2

The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.

We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props:

 mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true

The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Is there a settings or code change that will force the TLS1.2 protocol?

I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps

-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false
Sunny
  • 1,129
  • 4
  • 13
  • 25

4 Answers4

50

This is the fix for the next guy looking:

mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;
Yuri
  • 4,254
  • 1
  • 29
  • 46
Sunny
  • 1,129
  • 4
  • 13
  • 25
  • 3
    And those config values are JavaMail props, right, like those others in code snippet no 2 in the question. (But they aren't `-D...` flags.) – KajMagnus May 30 '18 at 03:41
14

It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail version in the app dependencies was 1.4. You must upgrade to at least 1.5.

Yuri
  • 4,254
  • 1
  • 29
  • 46
Vojtěch Zavřel
  • 141
  • 1
  • 4
10

I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.

After I updated my dependency like this

<dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.5.0-b01</version>
</dependency>

and I updated my JavaMailSenderImpl with

Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);

I saw the Received fatal alert: protocol_version error resolve.

dfritch
  • 329
  • 1
  • 3
  • 13
  • 3
    In my case the error was random ("..javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2." returned as an SMTP error by some Microsoft mail server) and didn't go away with `1.5.0-b01`; but upgrading to latest available (`com.sun.mail:javax-mail:1.6.2`) along with the session property, seemed to resolve the issue – Janaka Bandara Dec 10 '21 at 08:17
  • I also have to follow the same steps as @JanakaBandara to resolve the issue. I was using spring boot 2.0.2 and had to update it to 2.0.5 – kasunb Jan 25 '22 at 03:55
  • I also had to upgrade my javax.mail artifact - but I was able to go to 1.4.7 (the last non-beta version I could see on maven central) from 1.4. Doing that combined with setting the `mail.smtp.ssl.protocols` property worked for me. – Raj May 05 '22 at 16:03
2

An update to the most recent version (1.6.2.) of Java Mail also fixes the issue. In my case I upgraded from:

<dependency>
    <groupId>javax.mail</groupId>
    <artifactId>mail</artifactId>
    <version>1.5.0-b01</version>
</dependency>

to:

<dependency>
    <groupId>com.sun.mail</groupId>
    <artifactId>javax.mail</artifactId>
    <version>1.6.2</version>
</dependency>

This fixed the error

javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2

I was getting from an Outlook SMTP-Server. No property changes needed.

yankee
  • 38,872
  • 15
  • 103
  • 162