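Spring Mail error after passing the starttls parameter to an SMTP server

Time: 2017-05-18 08:34:13

Tags: java spring smtp javamail

I need some help fixing an error in an application that connects to an SMTP server (a Lotus Notes server). I have tried several suggestions on SO, but none of them worked. The application is able to connect to the SMTP server and perform the handshake.
However, an error occurs after STARTTLS is initiated. I also followed a suggestion on the Oracle website to comment out a line in the java.security file, since we are using Java 8, but it still does not work.
I also have a small utility to check which SSL protocols are enabled, and SSLv3, TLS, TLSv1 and TLSv1.2 are all enabled. I cannot understand why the server wants to use SSLv3 and then says it could not convert the socket to TLS. It does not make any sense.

Code snippet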

@Service
public class ManifestEmailService {

    private static final Logger logger = Logger.getLogger(ManifestEmailService.class);

    @Autowired
    private JavaMailSender mailSender;

    public void sendManifestMail(MailProperties prop, String recipient, String msgBody) {

        logger.info("Creating Email Body");

        logger.info("Sender mail: "+ prop.getSender()+ " Sender Subject: "+ prop.getMailSubject());

        SimpleMailMessage msg = new SimpleMailMessage();
        msg.setFrom(prop.getSender());
        msg.setTo(recipient);
        msg.setSubject("FHL");
        msg.setText(msgBody);

        try {
            logger.info("Sending mail message");
            mailSender.send(msg);
        } catch (MailException mEx) {
            logger.error("Problem sending email..." + mEx);
        }
    }
}

@Configuration
public class ManifestoConfig {

    @Bean
    public JavaMailSender getJavaMailSender() {
        JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
        FileProcessor io = new FileProcessor();

        Properties props = io.loadManifestoProperties(manifestoPropPath);

        logger.info("Configure Mail Properties ... ");

        mailSender.setHost(props.getProperty("sender.mail.host"));
        mailSender.setPort(Integer.valueOf(props.getProperty("sender.mail.port")));
        mailSender.setUsername(props.getProperty("sender.mail.username"));
        mailSender.setPassword(props.getProperty("sender.mail.password"));

        mailSender.setJavaMailProperties(io.loadManifestoProperties(manifestoPropPath));

        return mailSender;
    }
}

Properties file

sender.mail.username=rubbishemail1@lt.com
sender.mail.password=rubbishpassword1
sender.mail.subject=FHL
sender.mail.host=smtp.lotus.server.com
sender.mail.port=25

mail.transport.protocol=smtp
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.timeout=5000
mail.smtp.ssl.enable=false
mail.debug=true

Error log

2017-05-18 11:53:27.206  INFO 4804 --- [nio-8080-exec-6] org.fhl.service.ManifestEmailService     : Sending mail message
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.lotus.server.com", port 25, isSSL false
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) ready at Thu, 18 May 2017 08:53:27 +0100
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25

EHLO client_user
250-lotus.mail.server Hello client_user ([10.210.136.6]), pleased to meet you
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 52428800
250 PIPELINING
DEBUG SMTP: Found extension "TLS", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
STARTTLS
220 Ready to start TLS
2017-05-18 11:53:28.236 ERROR 4804 --- [nio-8080-exec-6] org.fhl.service.ManifestEmailService     : Problem sending email...org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.; message exceptions (1) are:
Failed message 1: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

SSL log

[DEBUG] 2017-06-07 11:27:34.171 [JavaFX Application Thread] ManifestEmailService - Load Mail Properties in into Javamail Session
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: trying to connect to host "164.39.7.92", port 25, isSSL false 
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) ready at Wed, 7 Jun 2017 08:27:34 +0100
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25 

EHLO CHOL162 
250-lotus.mail.server Hello CHOL162 ([10.210.136.21]), pleased to meet you
250-TLS 
250-HELP 
250-STARTTLS 
250-DSN 
250-SIZE 52428800 
250 PIPELINING 
DEBUG SMTP: Found extension "TLS", arg "" 
DEBUG SMTP: Found extension "HELP", arg "" 
DEBUG SMTP: Found extension "STARTTLS", arg "" 
DEBUG SMTP: Found extension "DSN", arg "" 
DEBUG SMTP: Found extension "SIZE", arg "52428800" 
DEBUG SMTP: Found extension "PIPELINING", arg "" 
STARTTLS 
220 Ready to start TLS 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
EHLO CHOL162 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie:  GMT: 1496754662 bytes = { 245, 148, 158, 245, 226, 89, 218, 187, 38, 214, 67, 188, 66, 204, 91, 194, 210, 37, 14, 168, 255, 103, 89, 232, 246, 99, 61, 8 }
Session ID:  {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 } 
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=gbahelbv3.gb.tntpost.com]
*** 
JavaFX Application Thread, WRITE: TLSv1 Handshake, length = 140 
JavaFX Application Thread, READ: SSLv3 Handshake, length = 58 
*** ServerHello, SSLv3 
RandomCookie:  GMT: 1499415798 bytes = { 174, 160, 140, 96, 215, 83, 21, 198, 214, 57, 208, 183, 191, 65, 44, 179, 197, 159, 101, 44, 176, 53, 215, 81, 122, 49, 174, 189 }
Session ID:  {193, 186, 187, 85, 52, 17, 137, 84, 154, 122, 240, 123, 100, 244, 27, 22}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA 
Compression Method: 0 
*** 
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
JavaFX Application Thread, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
JavaFX Application Thread, WRITE: TLSv1.2 Alert, length = 2 
JavaFX Application Thread, called closeSocket() 
[ERROR] 2017-06-07 11:27:34.911 [JavaFX Application Thread] ManifestEmailService - Mail Message crap!!!javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

1 answer:

Answer 0 (score: 0)

javax.net.ssl.SSLHandshakeException: Server chose SSLv3

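This means that you are connecting to a server that uses an outdated and insecure version of the SSL/TLS protocol, namely SSL 3.0. For security reasons this protocol is disabled by default in Java 8.

The best way is to fix the broken server so that it supports newer versions of SSL/TLS. Apart from that, a server that only supports SSL 3.0 is probably not only insecure with regard to SSL/TLS but has some other security problems too. If there is no option to upgrade the server, see How to enable SSL 3 in Java for how to work around this broken server by allowing the insecure SSL 3.0 protocol.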
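
To check from the client side which TLS versions the mail server will actually negotiate after STARTTLS, for example to confirm the server-side fix the answer recommends, a small probe like the following can be used. It is an added example, not code from the question or the answer; the class name `StartTlsProbe`, the default host `smtp.example.test` and the EHLO name `probe.example` are placeholders, and it offers only TLS versions, never SSLv3.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class StartTlsProbe {
    // Read one SMTP reply; continuation lines carry '-' after the 3-digit code.
    static String readReply(BufferedReader in) throws IOException {
        String line;
        while ((line = in.readLine()) != null) {
            if (line.length() < 4 || line.charAt(3) != '-') return line;
        }
        throw new IOException("server closed the connection");
    }

    // Plain SMTP session, STARTTLS, then a handshake offering only `protocol`.
    static String probe(String host, int port, String protocol) {
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), 5000);
            plain.setSoTimeout(5000);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
            Writer out = new OutputStreamWriter(plain.getOutputStream(), StandardCharsets.US_ASCII);
            readReply(in);                                   // 220 greeting
            out.write("EHLO probe.example\r\n");             // placeholder client name
            out.flush();
            readReply(in);                                   // 250 capability list
            out.write("STARTTLS\r\n");
            out.flush();
            String reply = readReply(in);
            if (!reply.startsWith("220")) return "STARTTLS refused: " + reply;
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                tls.setEnabledProtocols(new String[] { protocol });
                tls.startHandshake();
                return "negotiated " + tls.getSession().getProtocol() + " with " + tls.getSession().getCipherSuite();
            }
        } catch (Exception e) {
            // Version mismatch and certificate-trust failures both land here; the text tells them apart.
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "smtp.example.test";  // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 25;
        for (String p : new String[] { "TLSv1.2", "TLSv1.1", "TLSv1" })
            System.out.println(p + ": " + probe(host, port, p));
    }
}
```

Against a server that behaves like the one in the logs above, every line would report the same "Server chose SSLv3" handshake failure; once the server accepts a TLS version, the corresponding line shows the negotiated protocol and cipher suite.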