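We have a Java e-mail application that connects to a Domino mail server. If I test sending e-mail to Gmail or other mail servers, the application works. But when I change the configuration and connect to the Domino mail server, it always gives the following error.
Error message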
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client
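I tried enabling SSL debugging with the following command to collect SSL debug logs, and used this link to try to understand what happens during the handshake. It seems that initially the client and server agree to connect using TLSv1, as shown by ClientHello, TLSv1. But then the server responds with ServerHello, SSLv3, after which the error is shown. Can anybody help analyze these logs, and possibly provide some other ideas on how to resolve this issue?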
java -Djavax.net.debug=all -Dmail.socket.debug=true -Dhttps.protocols=TLSv1.1,TLSv1.2 -jar app.jar
SSL debug log
[DEBUG] 2017-06-08 11:24:08.046 [JavaFX Application Thread] ManEmailService - Load Mail Properties in into Javamail Session
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "164.39.7.92", port 25, isSSL false
220 mailserver ESMTP Service (Lotus Domino Release 8.5.3FP6) ready at Thu, 8 Jun 2017 08:24:09 +0100
DEBUG SMTP: connected to host "164.39.7.92", port: 25
EHLO chol130
250-mailserver Hello chol130 ([10.210.136.21]), pleased to meet you
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 52428800
250 PIPELINING
DEBUG SMTP: Found extension "TLS", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
STARTTLS
220 Ready to start TLS
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
EHLO chol130
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1496840856 bytes = { 144, 229, 226, 93, 29, 240, 155, 120, 31, 198, 49, 168, 69, 96, 192, 17, 63, 179, 48, 152, 162, 151, 80, 52, 74, 227, 108, 212 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, **TLS_RSA_WITH_AES_128_CBC_SHA**, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=gb.gb.tp.com]
***
[write] MD5 and SHA1 hashes: len = 140
0000: 01 00 00 88 03 01 59 38 FB 98 90 E5 E2 5D 1D F0 ......Y8.....]..
0010: 9B 78 1F C6 31 A8 45 60 C0 11 3F B3 30 98 A2 97 .x..1.E`..?.0...
0020: 50 34 4A E3 6C D4 00 00 1E C0 09 C0 13 00 2F C0 P4J.l........./.
0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
0040: 0D 00 16 00 13 00 FF 01 00 00 41 00 0A 00 16 00 ..........A.....
0050: 14 00 17 00 18 00 19 00 09 00 0A 00 0B 00 0C 00 ................
0060: 0D 00 0E 00 16 00 0B 00 02 01 00 00 00 00 1D 00 ................
0070: 1B 00 00 18 67 62 61 68 65 6C 62 76 33 2E 67 62 ....gb.gb
0080: 2E 74 6E 74 70 6F 73 74 2E 63 6F 6D .tp.com
JavaFX Application Thread, WRITE: TLSv1 Handshake, length = 140
[Raw write]: length = 145
0000: 16 03 01 00 8C 01 00 00 88 03 01 59 38 FB 98 90 ...........Y8...
0010: E5 E2 5D 1D F0 9B 78 1F C6 31 A8 45 60 C0 11 3F ..]...x..1.E`..?
0020: B3 30 98 A2 97 50 34 4A E3 6C D4 00 00 1E C0 09 .0...P4J.l......
0030: C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 41 ...............A
0050: 00 0A 00 16 00 14 00 17 00 18 00 19 00 09 00 0A ................
0060: 00 0B 00 0C 00 0D 00 0E 00 16 00 0B 00 02 01 00 ................
0070: 00 00 00 1D 00 1B 00 00 18 67 62 61 68 65 6C 62 .........gbahelb
0080: 76 33 2E 67 62 2E 74 6E 74 70 6F 73 74 2E 63 6F v3.gb.tp.co
0090: 6D m
[Raw read]: length = 5
0000: 16 03 00 00 3A ....:
[Raw read]: length = 58
0000: 02 00 00 36 03 00 59 60 96 A9 99 8D 55 45 0D 78 ...6..Y`....UE.x
0010: 0F B5 CE 45 42 77 D6 3F DF 76 BD F5 F3 70 86 DD ...EBw.?.v...p..
0020: 02 E8 E6 B3 7F 3E 10 75 40 52 B5 B0 21 51 62 6B .....>.u@R..!Qbk
0030: F4 72 53 FC B0 1B FC 00 2F 00 .rS...../.
JavaFX Application Thread, READ: SSLv3 Handshake, length = 58
*** **ServerHello, SSLv3**
RandomCookie: GMT: 1499436457 bytes = { 153, 141, 85, 69, 13, 120, 15, 181, 206, 69, 66, 119, 214, 63, 223, 118, 189, 245, 243, 112, 134, 221, 2, 232, 230, 179, 127, 62 }
Session ID: {117, 64, 82, 181, 176, 33, 81, 98, 107, 244, 114, 83, 252, 176, 27, 252}
***Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA***
Compression Method: 0
***
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
JavaFX Application Thread, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
JavaFX Application Thread, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
JavaFX Application Thread, called closeSocket()
[ERROR] 2017-06-08 11:24:08.748 [JavaFX Application Thread] ManEmailService - Mail Message crap!!!javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
JavaMail properties file
#Set Mail Sender
sender.mail.from=sample@xwy.com
sender.mail.username=
sender.mail.password=
sender.mail.subject=subject
#Set Mail Sender Properties
mail.smtp.port=25
mail.smtp.host=<IP_ADDRESS>
#mail.smtp.ssl.trust=<IP_ADDRESS>
mail.transport.protocol=smtp
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.timeout=5000
#mail.smtp.ssl.enable=true
mail.debug=true
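Answer 0 (score: 0)
The server seems to support only the old and insecure SSLv3 protocol. If you still want to use this server (e.g. because it is in a secure and sealed-off internal network), you need to either activate a protocol > SSLv3 (such as TLSv1 or TLSv1.1, etc.) on the server side or tell the client to support SSLv3 as well.
In your Java e-mail application, try setting the following system property as an argument (as part of the java ... arguments):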
-Dhttps.protocols=SSLv3,TLSv1,TLSv1.2
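If this does not help, most likely the SSL protocol is hard-coded in the source code.
For other options for setting the protocol at the source-code level, have a look here: how to use TLSV1 or SSLV3 for first handshake(Client Hello) in Java?
// Update
This, in the properties file: mail.smtps.ssl.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
Source: https://discretemkt.wordpress.com/2014/11/15/javamail-enables-or-disables-sslv3/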
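Added example, not part of the original question or answer: a small decoder for the raw records printed in the debug log above. It reads the version the client offered, the version and cipher suite the server selected, and the alert the client sent back. The function names and the `floor` parameter are hypothetical; the bytes are copied from the log's hex dumps.

```python
import struct

# Bytes copied from the "[Raw write]"/"[Raw read]" dumps in the log above; names are hypothetical.
# CLIENT_HELLO is only the first 11 bytes of the 145-byte record (enough for the version).
CLIENT_HELLO = bytes.fromhex("16 03 01 00 8C 01 00 00 88 03 01")
SERVER_HELLO = bytes.fromhex(
    "16 03 00 00 3A 02 00 00 36 03 00 59 60 96 A9 99 8D 55 45 0D 78 "
    "0F B5 CE 45 42 77 D6 3F DF 76 BD F5 F3 70 86 DD 02 E8 E6 B3 7F 3E "
    "10 75 40 52 B5 B0 21 51 62 6B F4 72 53 FC B0 1B FC 00 2F 00")
CLIENT_ALERT = bytes.fromhex("15 03 03 00 02 02 28")
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_record(raw):
    """Split one TLS record into (content_type, record_version, payload)."""
    if len(raw) < 5:
        raise ValueError("short record header")
    ctype, version, length = struct.unpack("!BHH", raw[:5])
    return ctype, version, raw[5:5 + length]  # payload may be cut short in an excerpt

def parse_hello(raw):
    """Extract the version (and, for a ServerHello, the cipher suite) from a hello."""
    ctype, rec_version, body = parse_record(raw)
    if ctype != 22 or len(body) < 6 or body[0] not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello handshake record")
    hello = {"record": rec_version, "version": int.from_bytes(body[4:6], "big"), "cipher": None}
    if body[0] == 2:  # ServerHello: version, random(32), session_id, cipher_suite
        if len(body) < 39 or len(body) < 39 + body[38] + 2:
            raise ValueError("truncated ServerHello")
        end = 39 + body[38]
        hello["cipher"] = int.from_bytes(body[end:end + 2], "big")
    return hello

def diagnose(client_raw, server_raw, floor=0x0301):  # floor: assumed lowest enabled version
    """Compare the client's offer with the server's choice."""
    c, s = parse_hello(client_raw), parse_hello(server_raw)
    return {"offered": VERSIONS.get(c["version"], hex(c["version"])),
            "chosen": VERSIONS.get(s["version"], hex(s["version"])),
            "cipher": s["cipher"],
            "server_below_floor": s["version"] < floor}

def parse_alert(raw):
    """Return (level, description) of an unencrypted alert record."""
    ctype, _, body = parse_record(raw)
    if ctype != 21 or len(body) != 2:
        raise ValueError("not a plaintext alert record")
    return body[0], body[1]

if __name__ == "__main__":
    print(diagnose(CLIENT_HELLO, SERVER_HELLO), parse_alert(CLIENT_ALERT))
```

Cipher 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA, matching the ServerHello in the log, and alert (2, 40) is the fatal handshake_failure the client sent before closing the socket.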