2

I am working on a script to control my lights and because I'm lazy the communication is via email (works decently fast I know because it used to run on python but I'm writing it in java for some separate reasons) know the issue is I keep getting a javax.net.ssl.SSLHandshakeException error and I tried this overflow page but even though I added the trusted certificate it doesn't work and I keep getting the same error the following is my code, the full error, and a picture showing I have the certificate added

import java.util.Properties;

import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.NoSuchProviderException;
import javax.mail.Session;
import javax.mail.Store;

public class test {

    public static void check(String host, String storeType, String user,
                             String password)
    {
        try {

            //create properties field
            Properties properties = new Properties();

            properties.put("mail.pop3.host", host);
            properties.put("mail.pop3.port", "995");
            properties.put("mail.pop3.starttls.enable", "true");
            Session emailSession = Session.getDefaultInstance(properties);

            //create the POP3 store object and connect with the pop server
            Store store = emailSession.getStore("pop3s");

            store.connect(host, user, password);

            //create the folder object and open it
            Folder emailFolder = store.getFolder("INBOX");
            emailFolder.open(Folder.READ_ONLY);

            // retrieve the messages from the folder in an array and print it
            Message[] messages = emailFolder.getMessages();
            System.out.println("messages.length---" + messages.length);

            for (int i = 0, n = messages.length; i < n; i++) {
                Message message = messages[i];
                System.out.println("---------------------------------");
                System.out.println("Email Number " + (i + 1));
                System.out.println("Subject: " + message.getSubject());
                System.out.println("From: " + message.getFrom()[0]);
                System.out.println("Text: " + message.getContent().toString());

            }

            //close the store and folder objects
            emailFolder.close(false);
            store.close();

        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } catch (MessagingException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {

        String host = "pop.gmail.com";// change accordingly
        String mailStoreType = "pop3";
        String username = "EMAIL";// change accordingly
        String password = "PASSWORD";// change accordingly

        check(host, mailStoreType, username, password);
    
        }

}

Error

javax.mail.MessagingException: Connect failed;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:160)
    at javax.mail.Service.connect(Service.java:291)
    at javax.mail.Service.connect(Service.java:172)
    at test.check(test.java:28)
    at test.main(test.java:68)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:172)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:434)
    at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:904)
    at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:995)
    at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
    at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:263)
    at java.base/java.io.DataInputStream.readLine(DataInputStream.java:519)
    at com.sun.mail.pop3.Protocol.simpleCommand(Protocol.java:359)
    at com.sun.mail.pop3.Protocol.<init>(Protocol.java:101)
    at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:213)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:156)
    ... 4 more

Process finished with exit code 0

Proof i have the certificate added

Java.Security

java Security

This is the error when you delete TLS1 and leave TSL 1.1

Exception in thread "main" java.lang.NoClassDefFoundError: javax/activation/DataSource
    at com.sun.mail.pop3.POP3Folder.createMessage(POP3Folder.java:326)
    at com.sun.mail.pop3.POP3Folder.getMessage(POP3Folder.java:307)
    at javax.mail.Folder.getMessages(Folder.java:943)
    at test.check(test.java:35)
    at test.main(test.java:68)
Caused by: java.lang.ClassNotFoundException: javax.activation.DataSource
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:636)
    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:182)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:519)
    ... 5 more
Caminero
  • 265
  • 3
  • 19

2 Answers2

3

As per the logs, the issue at this stage is not related with not the missing certificate on the client side which required for the validation of server identity. In your case, the problem with either protocol or mismatch of ciper suite required in the process of SSL handshake.

No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

As I can see you're using the latest version of java in which the support for older version of TLS protocol such as TLSv1 and TLSv1.1 has been disabled by default, so you can enable them by removing the diabled one from jdk.tls.disabledAlgorithms security property in the java.security configuration file.

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

For older version of Java one can find the security file in JAVA_HOME/jre/lib/security/java.security

For specific to newer version and Java 16

JAVA_HOME/conf/security

b.s
  • 2,409
  • 2
  • 16
  • 26
  • can you link me where the `java.security` file is @harry – Caminero Jul 06 '21 at 03:42
  • i found the file but it still didnt work i will try selecting a different JDK version – Caminero Jul 06 '21 at 04:10
  • hey it still didnt work i will add in what the file looks like in the main overflow area thing please let me know if something is wrong – Caminero Jul 06 '21 at 04:17
  • it wouldnt let me add the file becuase it was to big but i sent a screen shot – Caminero Jul 06 '21 at 04:23
  • harry do you have discord (if that's allowed on stack overflow) – Caminero Jul 06 '21 at 04:23
  • Open that security file as an administrator and try removing the TLSv1.1 first, save and then check. If that not work for you try the same thing with TLSv1 – b.s Jul 06 '21 at 04:30
  • it gives a new error ill post it in the overflow – Caminero Jul 06 '21 at 04:37
  • should i use gradle or something like that or is plain villina java fine? – Caminero Jul 06 '21 at 05:06
  • "no appropriate protocol" was probably caused by using [old javamail which defaults to TLSv1.0 only,](https://stackoverflow.com/questions/67899129/postfix-and-openjdk-11-no-appropriate-protocol-protocol-is-disabled-or-cipher) and not overriding mail.pop3.tls.protocols. Regressing disabledProtocols will bypass this (only) as long as the (google) server supports TLSv1.0. – dave_thompson_085 Jul 06 '21 at 06:04
1

The issue is a couple of things first to fix the javax.net.ssl.SSLHandshakeException error you have to remove TLSV1 from the java.security file like harry was explaining above. Then you have to add the activation.jar file to your dependencies and it will work. If this didn't work try to follow these instructions

Caminero
  • 265
  • 3
  • 19