当前位置: 首页 > 知识库问答 >
问题:

在SMTP服务器中传递starttls参数后的Spring Mail错误

宋鸿德
2023-03-14

需要一些帮助来修复连接到 SMTP 服务器(Lotus Notes html" target="_blank">服务器)的应用程序的错误。我已经在SO中尝试了几个建议,但没有一个有效。该应用程序能够连接到SMTP服务器并进行握手。
但是,在启动 starttls 后,它会给出一个错误。还要按照Oracle网站上的建议在java.security文件中注释掉一行,因为我们使用的是Java 8,但它仍然不起作用。
还有一些小实用程序来检查启用了哪些SSL协议,并且SSLv3,TLS,TLSv1,TLSv1.2都已启用。无法理解为什么服务器想要使用SSLv3,然后说无法将套接字转换为TLS。这没有任何意义。

代码被截断

@Service
public class ManifestEmailService {

    private static final Logger logger = Logger.getLogger(ManifestEmailService.class);

    @Autowired
    private JavaMailSender mailSender;

    public void sendManifestMail(MailProperties prop, String recipient, String msgBody) {

        logger.info("Creating Email Body");

        logger.info("Sender mail: "+ prop.getSender()+ " Sender Subject: "+ prop.getMailSubject());

        SimpleMailMessage msg = new SimpleMailMessage();
        msg.setFrom(prop.getSender());
        msg.setTo(recipient);
        msg.setSubject("FHL");
        msg.setText(msgBody);

        try {
            logger.info("Sending mail message");
            mailSender.send(msg);
        } catch (MailException mEx) {
            logger.error("Problem sending email..." + mEx);
        }
    }
}

@Configuration
public ManifestoConfig {

    @Bean
    public JavaMailSender getJavaMailSender() {
        JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
        FileProcessor io = new FileProcessor();

        Properties props = io.loadManifestoProperties(manifestoPropPath);

        logger.info("Configure Mail Properties ... ");

        mailSender.setHost(props.getProperty("sender.mail.host"));
        mailSender.setPort(Integer.valueOf(props.getProperty("sender.mail.port")));
        mailSender.setUsername(props.getProperty("sender.mail.username"));
        mailSender.setPassword(props.getProperty("sender.mail.password"));

        mailSender.setJavaMailProperties(io.loadManifestoProperties(manifestoPropPath));

        return mailSender;
    }
}

属性文件

sender.mail.username=rubbishemail1@lt.com
sender.mail.password=rubbishpassword1
sender.mail.subject=FHL
sender.mail.host=smtp.lotus.server.com
sender.mail.port=25

mail.transport.protocol=smtp
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.timeout=5000
mail.smtp.ssl.enable=false
mail.debug=true

错误日志

2017-05-18 11:53:27.206  INFO 4804 --- [nio-8080-exec-6] org.fhl.service.Manifes
tEmailService     : Sending mail message
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.s
mtp.SMTPTransport,Oracle]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.lotus.server.com", port 25, isSSL fals
e
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) read
y at Thu, 18 May 2017 08:53:27 +0100
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25

EHLO client_user
250-lotus.mail.server Hello client_user ([10.210.136.6]), pleased
 to meet you
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 52428800
250 PIPELINING
DEBUG SMTP: Found extension "TLS", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
STARTTLS
220 Ready to start TLS
2017-05-18 11:53:28.236 ERROR 4804 --- [nio-8080-exec-6] org.fhl.service.Manifes
tEmailService     : Problem sending email...org.springframework.mail.MailSendExc
eption: Mail server connection failed; nested exception is javax.mail.MessagingE
xception: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc
ol version is not enabled or not supported by the client.. Failed messages: java
x.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc
ol version is not enabled or not supported by the client.; message exceptions (1
) are:
Failed message 1: javax.mail.MessagingException: Could not convert socket to TLS
;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc
ol version is not enabled or not supported by the client.

断续器日志

[DEBUG] 2017-06-07 11:27:34.171 [JavaFX Application Thread] ManifestEmailService 
 - Load Mail Properties in into Javamail Session 
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.s 
mtp.SMTPTransport,Sun Microsystems, Inc] 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: trying to connect to host "164.39.7.92", port 25, isSSL false 
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) read 
y at Wed, 7 Jun 2017 08:27:34 +0100 
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25 

EHLO CHOL162 
250-lotus.mail.server Hello CHOL162 ([10.210.136.21]), pleased to meet y 
ou 
250-TLS 
250-HELP 
250-STARTTLS 
250-DSN 
250-SIZE 52428800 
250 PIPELINING 
DEBUG SMTP: Found extension "TLS", arg "" 
DEBUG SMTP: Found extension "HELP", arg "" 
DEBUG SMTP: Found extension "STARTTLS", arg "" 
DEBUG SMTP: Found extension "DSN", arg "" 
DEBUG SMTP: Found extension "SIZE", arg "52428800" 
DEBUG SMTP: Found extension "PIPELINING", arg "" 
STARTTLS 
220 Ready to start TLS 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
EHLO CHOL162 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for T 
LSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS 
v1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TL 
Sv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv 
1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie:  GMT: 1496754662 bytes = { 245, 148, 158, 245, 226, 89, 218, 187, 
38, 214, 67, 188, 66, 204, 91, 194, 210, 37, 14, 168, 255, 103, 89, 232, 246, 99 
, 61, 8 } 
Session ID:  {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128 
_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS 
_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI 
TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3D 
ES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_ 
SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ 
DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods:  { 0 } 
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect28 
3k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension server_name, server_name: [type=host_name (0), value=gbahelbv3.gb.tntp 
ost.com] 
*** 
JavaFX Application Thread, WRITE: TLSv1 Handshake, length = 140 
JavaFX Application Thread, READ: SSLv3 Handshake, length = 58 
*** ServerHello, SSLv3 
RandomCookie:  GMT: 1499415798 bytes = { 174, 160, 140, 96, 215, 83, 21, 198, 21 
4, 57, 208, 183, 191, 65, 44, 179, 197, 159, 101, 44, 176, 53, 215, 81, 122, 49, 
 174, 189 } 
Session ID:  {193, 186, 187, 85, 52, 17, 137, 84, 154, 122, 240, 123, 100, 244, 
27, 22} 
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA 
Compression Method: 0 
*** 
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeExcepti 
on: Server chose SSLv3, but that protocol version is not enabled or not supporte 
d by the client. 
JavaFX Application Thread, SEND TLSv1.2 ALERT:  fatal, description = handshake_f 
ailure 
JavaFX Application Thread, WRITE: TLSv1.2 Alert, length = 2 
JavaFX Application Thread, called closeSocket() 
[ERROR] 2017-06-07 11:27:34.911 [JavaFX Application Thread] ManifestEmailService 
 - Mail Message crap!!!javax.mail.MessagingException: Can't send command to SMTP 
 host; 
  nested exception is: 
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc 
ol version is not enabled or not supported by the client. 

共有1个答案

白腾
2023-03-14

javax.net.ssl.SSLHandshakeException:服务器选择SSLv3

这意味着您连接到的服务器使用的是过时且不安全的SSL/TLS协议版本,即SSL 3.0。出于安全原因,Java 8中默认禁用此协议。

最好的方法是修复损坏的服务器,使其支持较新版本的SSL/TLS。除此之外,仅支持SSL 3.0的服务器可能不仅在SSL/TLS方面不安全,而且还有其他一些安全问题。如果无法升级服务器,请参阅如何在Java中启用SSL 3如何通过允许不安全的SSL 3.0协议来解决这个损坏的服务器。

 类似资料:
  • SMTP是Simple Mail Transfer Protocol的首字母缩写。 它是跨Internet协议(IP)网络的电子邮件(电子邮件)传输的Internet标准。 SMTP使用TCP端口25.由SSL保护的SMTP连接以速记SMTPS为人所知,尽管SMTPS本身不是协议。 JavaMail API具有包com.sun.mail.smtp ,它作为SMTP协议提供程序来访问SMTP服务器。

  • 我想用Java制作一个SMTP服务器。我已经了解了SMTP和POP3协议是如何工作的,但是我找不到任何关于SMTP服务器之间通信的信息。我想问一下,是否有人知道这个协议的名称以及如何使用它。 谢谢

  • 问题内容: SMTP服务器响应:530 5.7.0必须首先发出STARTTLS命令 我在php脚本文件中使用mail()函数时收到此错误消息… 我正在使用gmail SMTP服务器和gmail使用STARTTLS(这是安全SSL),并且我已经在我的contact.php文件中使用了这些命令 所以我可以使用什么命令来启用STARTTLS或在php,ini文件中进行配置? 问题答案: 首先,确保您的P

  • 但是这不起作用,因为上下文是在所有解析器之间共享的,因此如果我在查询上有多个,上下文值就不好。 我还尝试在嵌套解析器上使用上可用的。我可以转到字段,但这里没有参数... 我还尝试在上添加一些数据,但这些数据不在嵌套解析器上共享。

  • 当SMTP客户端连接到远程SMTP服务器并发出STARTTLS命令时,该命令具有自签名证书-我在客户端收到错误: javax。网ssl。SSLHandshakeException:太阳。安全验证器。ValidatorException:PKIX路径生成失败:sun。安全提供商。certpath。SunCertPathBuilderException:找不到请求目标的有效证书路径 有一种解决方案可以

  • 在之前的所有章节中,我们使用JangoSMPT服务器发送电子邮件。 在本章中,我们将了解Gmail提供的SMPT服务器。 Gmail(以及其他)免费提供其公共SMTP服务器。 Gmail SMTP服务器详细信息可在here找到。 正如您在详细信息中看到的,我们可以使用TLS或SSL连接通过Gmail SMTP服务器发送电子邮件。 使用Gmail SMTP服务器发送电子邮件的过程与发送电子邮件一章中