SSL with javamail not working

Question

Trying to connect to gmail with TSL, I am stuck on some error msgs. Given below code:

import java.util.*;
import java.util.logging.*;
import javax.mail.*;
import javax.mail.internet.*;

public class MailHandler extends Handler {
    public void publish(LogRecord record) {
    try {
        String host = "smtp.gmail.com";
        int port = 587;
        String username = "cookie@gmail.com";
        String password = "cookiepassword";

        Properties props = new Properties();
        props.put("mail.smtp.auth", "true");
        props.put("mail.smtp.starttls.enable", "true");
        //props.setProperty("mail.smtp.ssl.trust", "smtpserver");
        props.put("mail.debug", "true");

        Session session = Session.getInstance(props);

        Message message = new MimeMessage(session);
        message.setFrom(new InternetAddress("cookie@gmail.com"));
        message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("cookie@gmail.com"));
        message.setSubject(record.getMessage());
        message.setText("Auto");

        Transport transport = session.getTransport("smtp");
        transport.connect(host, port, username, password);

        Transport.send(message);
    } catch (MessagingException ex) {
        Logger.getLogger(MailHandler.class.getName()).log(Level.SEVERE, null, ex);
    }
  }
    @Override
    public void close() {}
    @Override
    public void flush() {}
}

I get

run:
DEBUG: JavaMail version 1.4.4
DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPSSLTransport=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPSSLStore=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3SSLStore=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
DEBUG: Providers Listed By Protocol: {imaps=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], smtps=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], pop3s=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 587, isSSL false
220 mx.google.com ESMTP b5sm13118062wbh.4
DEBUG SMTP: connected to host "smtp.gmail.com", port: 587

EHLO FloWorkLinux
250-mx.google.com at your service, [95.146.161.196]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
DEBUG SMTP: Found extension "SIZE", arg "35882577"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
09-Dec-2011 17:05:32 smsalertor.MailHandler publish
SEVERE: null
javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.DefaultSSLContextImpl)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
    at javax.mail.Service.connect(Service.java:295)
    at smsalertor.MailHandler.publish(MailHandler.java:33)
    at smsalertor.SMSAlertor.main(SMSAlertor.java:107)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.DefaultSSLContextImpl)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:196)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:216)
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:432)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)
    ... 4 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.DefaultSSLContextImpl)
    at java.security.Provider$Service.newInstance(Provider.java:1262)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:85)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:119)
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:427)
    ... 5 more
Caused by: java.io.EOFException
    at java.io.DataInputStream.readInt(DataInputStream.java:392)
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:645)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1201)
    at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
    at sun.security.ssl.DefaultSSLContextImpl.getDefaultTrustManager(DefaultSSLContextImpl.java:87)
    at sun.security.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:57)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
    at java.lang.Class.newInstance0(Class.java:372)
    at java.lang.Class.newInstance(Class.java:325)
    at java.security.Provider$Service.newInstance(Provider.java:1238)
    ... 11 more
BUILD SUCCESSFUL (total time: 10 seconds)

Uncommenting props.setProperty("mail.smtp.ssl.trust", "smtpserver"); changes this to

run:
DEBUG: JavaMail version 1.4.4
DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPSSLTransport=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPSSLStore=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3SSLStore=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
DEBUG: Providers Listed By Protocol: {imaps=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], smtps=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], pop3s=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 587, isSSL false
220 mx.google.com ESMTP em4sm13086182wbb.20
DEBUG SMTP: connected to host "smtp.gmail.com", port: 587

EHLO FloWorkLinux
250-mx.google.com at your service, [95.146.161.196]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
DEBUG SMTP: Found extension "SIZE", arg "35882577"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
09-Dec-2011 17:09:37 smsalertor.MailHandler publish
SEVERE: null
javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    java.io.IOException: Can't create MailSSLSocketFactory
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
    at javax.mail.Service.connect(Service.java:295)
    at smsalertor.MailHandler.publish(MailHandler.java:33)
    at smsalertor.SMSAlertor.main(SMSAlertor.java:107)
Caused by: java.io.IOException: Can't create MailSSLSocketFactory
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:421)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)
    ... 4 more
Caused by: java.security.KeyStoreException: problem accessing trust storejava.io.EOFException
    at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:75)
    at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:247)
    at com.sun.mail.util.MailSSLSocketFactory$MailTrustManager.<init>(MailSSLSocketFactory.java:333)
    at com.sun.mail.util.MailSSLSocketFactory$MailTrustManager.<init>(MailSSLSocketFactory.java:323)
    at com.sun.mail.util.MailSSLSocketFactory.<init>(MailSSLSocketFactory.java:115)
    at com.sun.mail.util.MailSSLSocketFactory.<init>(MailSSLSocketFactory.java:94)
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:413)
    ... 5 more
BUILD SUCCESSFUL (total time: 7 seconds)

Anyone seen this before?

Edit:

Talk about turning a 10 minute copy paste tutorial into a full day head ache. I still haven't solved this, however, I have been reading more and more. Apparently, I need a store of public ssl signatures to compare against. This are supposed to be in a path along the lines of /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security. Using sudo update-alternatives --config java I am pointing this at /usr/lib/jvm/java-6-sun/jre/bin/java which in turn points at that folder, however, there exists also a /usr/lib/jvm/default-java symlink unaffected by this, currently pointing to java-6-openjdk, and if I look into that folder, it was missing security certificates. And just that is being used by NetBeans. Oh joy.

Following this recommendation, I did sudo apt-get install libbcprov-java which gave me my security folder in the openjdk (after mucking about with the sun-jdk for a while, which presumably now is installed, but who knows where, since it isn't showing up in /usr/lib/jvm/).

This still produces the same error msg. Hence I moved it all over to Windows, tried to compile, turns out above code isn't quite working (doesn't matter for our purpose as the non working bits come after the SSL bit) (hey and thanks for all the incorrect tutorials out there by now, what a mess). Anyway, finally got something working with this solution (although there is a fair amount of redundancy in there, and although it is not TLS but SSL, but hey, ...). In any case, all working fine and smooth, so back to Ubuntu, and ding dong, same error message as above again. Clearly looks like a problem surrounding the KeyStore. I am still at a loss as to how to fix it (current error is the first one mentioned above).

Note: even when you're using SMTPS (i.e. SMTP with SSL/TLS on a separate port and not SMTP with `STARTTLS` on the same port), you may be using TLS (i.e. SSL's successor, within IETF). That's not the difference between SSL and TLS. (For some reason, the difference you're using is what some tools like MS Outlook use, but it's not correct.) — Bruno, Dec 09 '11 at 22:33

score 5 · Answer 1 · edited Sep 27 '12 at 05:28

5

It took days to try hundreds of ideas according to keytool, truststore, cacerst etc. But finally I had to simply set the mail.smtp.ssl.trust property:

props.setProperty("mail.smtp.ssl.trust", "smtpserver");

edited Sep 27 '12 at 05:28

athspk

6,722
7
37
51

answered Sep 27 '12 at 05:19

Aneesh

69
1
2

That simply turns off certificate checking for that host circumventing the security layer. This is not a real solution to the problem... – Benny Bottema Jul 05 '20 at 11:26

score 3 · Answer 2 · edited Nov 21 '12 at 11:10

3

Change

  props.put("mail.smtp.auth", "true");
  props.put("mail.smtp.starttls.enable", "true");

to

  props.put("mail.smtp.auth", true);
  props.put("mail.smtp.starttls.enable", true);

Then program runs correctly

edited Nov 21 '12 at 11:10

Grhm

6,726
4
40
64

answered Nov 21 '12 at 10:48

duypt

47
2

I don't think this is correct: See https://javamail.java.net/nonav/docs/api/index.html?com/sun/mail/util/package-summary.html. It says "The properties are always set as strings; the Type column describes how the string is interpreted." – John Aug 20 '13 at 09:34
[Properties](http://docs.oracle.com/javase/7/docs/api/java/util/Properties.html) documentation clearly says that `Properties` even if inherits `Hashtable` and has `put` its use to set property pairs is strongly discouraged. – Akos K Nov 19 '13 at 09:15

score 1 · Accepted Answer · answered Dec 09 '11 at 21:13

Well, it turns out the sun jdk just installed on top of the jre. Nice. So my java-6-sun-1.6.0.26 is now an jdk. Whichever. Suits me.

Anyway, repointing /usr/lib/jvm/default-java to my newly upgraded sun jdk folder switches NetBeans from openjdk to sun-jdk and hurray it is working.

Voodoo · Answer 4 · 2014-01-07T13:17:49.870

Nope! According to https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html and similar for imap values. All values MUST be given in for as a string (and it's also the "nature" of Properties) such as "123" for an int of 123 or "true" for boolean true. The Exception: javax.mail.MessagingException: java.security.NoSuchAlgorithmException: Error con structing implementation (algorithm: Default, provider: SunJSSE, class: sun.secu rity.ssl.SSLContextImpl$DefaultSSLContext); bases on the unsupported TLS on "old" windows such as vista, XP (see MS blog). I unjared the package javax.mail.jar and followed the trace back to the line where it caused this weird exception: It's in the source SocketFetcher.java (package com.sun.mail.util;) and exactly at the method createSocket() @ the line MailSSLSocketFactory msf = new MailSSLSocketFactory(); And when I checked this MailSSLSocketFactory.java it said:

    public MailSSLSocketFactory() throws GeneralSecurityException {
      this("TLS");
    }

score 0 · Answer 5 · answered Dec 09 '11 at 17:24

0

I haven't seen it but the exception tell that you haven't put smtp server certificate into your trustedca file or this file is unavaliable

answered Dec 09 '11 at 17:24

korifey

3,379
17
17

Yes that would be why... I didn't think I needed to, after all, email clients seem to work straight away... How do I do this? – Cookie Dec 09 '11 at 17:26
Hm, it'd easy but you must understand, what you are doing. Look at keytool doc: http://docs.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html The Idea is to import certificate by `keytool` cmd into $JRE_HOME\lib\security\cacerts file – korifey Dec 09 '11 at 17:31

score 0 · Answer 6 · answered Dec 09 '11 at 20:27

0

I fixed a bug in this area recently that might be related to your problem. Try the latest SNAPSHOT version from here.

answered Dec 09 '11 at 20:27

Bill Shannon

29,579
6
38
40

Could you please be a bit more specific as to what the bug was about? – Cookie Dec 09 '11 at 20:44
It was related to how the SSL protocol was handled when a server identity check was required. The old code worked with some servers but not others. The fixed version is more correct. But it sounds like your problem was with certificates after all, complicated by the way Ubuntu installs the JDK. You might also be interested in the JavaMail FAQ entry about certificates. – Bill Shannon Dec 10 '11 at 18:28
The [JavaMail FAQ entry about certificates](http://www.oracle.com/technetwork/java/javamail/faq/index.html#installcert) has a dead link, find the details [here](http://kenai.com/projects/javamail/pages/InstallCert). – Bill Shannon Dec 10 '11 at 18:51

score -2 · Answer 7 · answered Mar 26 '13 at 12:11

-2

Finally Solved. I tried everything to get authenticated at my exchange server, but no success. Use the code below:

Properties props = (Properties)System.getProperties().clone();
props.put("mail.smtp.host", host);
props.setProperty("mail.smtp.port", "587");
props.put("mail.smtp.auth", true);

//Bypass the SSL authentication
props.put("mail.smtp.ssl.enable", false);
props.put("mail.smtp.starttls.enable", false);

answered Mar 26 '13 at 12:11

Chandan Singh

27
1

1

Turning SSL off is no solution for SSL related problems! – LeSpocky Jul 29 '14 at 14:32

SSL with javamail not working

7 Answers7