Question

我正在尝试使用Java邮件发送邮件。我的邮件服务器仅接受TLSv1.2。我尝试在客户端请求中配置TLSv1.2。但是，在TLS握手期间，我的clientHello始终使用TLSv1。我试图调试下面的握手，

[22:10:45:099]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: %% No cached client session|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: *** ClientHello, TLSv1|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: RandomCookie:  |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: GMT: 1546533645 |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: bytes = { |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 85|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 83|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 155|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 171|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 182|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 149|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 172|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 46|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 116|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 34|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 18|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 97|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 142|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 223|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 14|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 51|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 129|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 210|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 76|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 177|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 254|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 144|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]:  }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Session ID:  |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: {}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Compression Methods:  { |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 0|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]:  }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension ec_point_formats, formats: [uncompressed]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension server_name, server_name: [type=host_name (0), value=mail.someserver.com]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: ***|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1 Handshake, length = 175|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, received EOFException: error|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , SEND TLSv1.2 ALERT:  |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: fatal, |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: description = handshake_failure|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1.2 Alert, length = 2|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, called closeSocket()|
[22:10:45:231]|[01-03-2019]|[SYSERR]|[INFO]|[56]: java.lang.Exception: Error in connecting to SMTP host.|

我在客户端进行了以下配置，以继续使用TLSv1.2，

-Dhttps.protocols = TLSv1.2

-Dmail.smtp.ssl.protocols =“ TLSv1.2”

-Djdk.tls.client.protocols = TLSv1.2

我的邮件服务器日志中抛出的错误是

SSL错误0x80090331客户端和服务器无法通信，因为它们不具有通用算法。

我不知道为什么clientHello总是选择TLSv1而不是TLSv1.2。请帮助我。

public static void sendMail(JSONObject mailProps, JSONObject serverProps) throws Exception {
    boolean var2 = true;
    String mailPort;
    try {
        String mailServer = serverProps.getString("SERVER_NAME");
        mailPort = serverProps.getString("PORT");
        String mailAuthenUser = serverProps.has("USER_NAME") ? serverProps.getString("USER_NAME") : "";
        String mailAuthenPwd = serverProps.has("PASSWORD") ? serverProps.getString("PASSWORD") : "";
        String securityType = serverProps.has("CONNECTION_SECURITY") ? serverProps.getString("CONNECTION_SECURITY") : "";
        boolean isHtmlFormat = false;
        if (mailProps.has("ENABLE_HTML_FORMAT") && mailProps.getBoolean("ENABLE_HTML_FORMAT") || serverProps.has("ENABLE_HTML_FORMAT") && serverProps.getBoolean("ENABLE_HTML_FORMAT")) {
            isHtmlFormat = true;
        }

        String fromAddress = mailProps.has("FROM_MAIL_ID") ? mailProps.getString("FROM_MAIL_ID") : serverProps.getString("FROM_MAIL_ID");
        String toAddress = mailProps.has("TO_ADDRESSES") ? mailProps.getString("TO_ADDRESSES") : serverProps.getString("ADMIN_MAIL_ID");
        String subject = mailProps.getString("SUBJECT");
        String message = mailProps.getString("MESSAGE");
        Properties systemProps = System.getProperties();
        Properties properties = (Properties)systemProps.clone();
        properties.put("mail.smtp.host", mailServer);
        properties.put("mail.smtp.port", mailPort);
        properties.put("mail.smtp.sendpartial", "true");
        Session session = null;
        boolean authRequired = false;
        properties.put("mail.smtp.auth", "false");
        if (mailAuthenUser != null && mailAuthenPwd != null && (!mailAuthenUser.equals("") || !mailAuthenPwd.equals(""))) {
            properties.put("mail.smtp.auth", "true");
            authRequired = true;
        }

        if ("SSL".equalsIgnoreCase(securityType)) {
            properties.put("mail.smtp.socketFactory.port", mailPort);
            properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            properties.put("mail.smtp.socketFactory.fallback", "false");
        } else if ("TLS".equalsIgnoreCase(securityType)) {
            properties.put("mail.smtp.starttls.enable", "true");
            properties.put("mail.smtp.starttls.required", "true");
        }

        if (authRequired) {
            Authenticator auth = new MailAction.SMTPAuthenticator(mailAuthenUser, mailAuthenPwd);
            session = Session.getInstance(properties, auth);
        } else {
            session = Session.getInstance(properties);
        }

        session.setDebug(false);
        MimeMessage mess = new MimeMessage(session);
        if (toAddress != null) {
            String[] to = toAddress.split(",");
            InternetAddress[] toInternetAddress = new InternetAddress[to.length];

            for(int i = 0; i < to.length; ++i) {
                toInternetAddress[i] = new InternetAddress(to[i].trim());
            }

            mess.setRecipients(RecipientType.TO, toInternetAddress);
        }

        if (fromAddress != null && !fromAddress.equals("")) {
            mess.setFrom(new InternetAddress(fromAddress));
        }

        String type;
        if (mailProps.has("PRIORITY")) {
            type = mailProps.get("PRIORITY").toString();
            if (type.equalsIgnoreCase("High") || type.equalsIgnoreCase("Low")) {
                mess.setHeader("Importance", type);
                mess.setHeader("X-Priority", type);
            }
        }

        type = isHtmlFormat ? "text/html;charset=UTF-8" : "text/plain;charset=UTF-8";
        mess.setContent(message, type);
        if (mailProps.has("CC_ADDRESS")) {
            String[] cc = (String[])((String[])mailProps.get("CC_ADDRESS"));
            InternetAddress[] ccInternetAddress = new InternetAddress[cc.length];

            for(int i = 0; i < cc.length; ++i) {
                ccInternetAddress[i] = new InternetAddress(cc[i].trim());
            }

            mess.setRecipients(RecipientType.CC, ccInternetAddress);
        }

        mess.setSentDate(new Date());
        mess.setSubject(subject, "UTF-8");
        Thread.currentThread().setContextClassLoader(mess.getClass().getClassLoader());
        Transport.send(mess);
    } catch (Exception var29) {
        out.log(Level.INFO, " ", var29);
    }
}

Answer 1

这是 JavaMail 1.5.3 之前的 hardcoded 默认值，因此升级应该可以解决问题（请记住 JavaMail 已被 Jakarta Mail 取代）。

作为一种解决方法，您可以将所需的协议设置为空格分隔列表（如 Ajinkya 所建议的）

properties.put("mail.smtp.ssl.protocols", "TLSv1.2 TLSv1.1");

ClientHello在握手期间无法协商TLS版本

1 个答案: