Details
-
Bug
-
Resolution: External
-
P4
-
None
-
11
Description
ADDITIONAL SYSTEM INFORMATION :
OS: Ubuntu 18.04 (not checked in other systems).
JDK: OpenJDK 11.0.11 (the feature worked in 11.0.6).
SMTP server: smtp.office365.com
A DESCRIPTION OF THE PROBLEM :
In JDK 11.0.11, TLS 1.0 and 1.1 were disabled by default. However, such default configuration leads to an exception on attempt to send an email by SMTP.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Install OpenJDK 11.0.11 under Ubuntu 18.04, keep default configuration.
sudo add-apt-repository ppa:openjdk-r/ppa
sudo apt update
sudo apt install -y openjdk-11-jdk
sudo update-alternatives --config java
2. Download the attached code sample, substitute constant values for some real values you know.
3. (negative scenario) Run as is.
4. (positive scenario) Run the same code with line 16 uncommented.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Both scenarios succeed, emails get sent.
ACTUAL -
Positive scenario succeeds, negative one fails with an exception:
Exception in thread "main" javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at com.cassantec.email.Test.main(Test.java:34)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:486)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
... 7 more
---------- BEGIN SOURCE ----------
package com.emailtest;
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import java.util.Properties;
public class Test {
private static final String EMAIL_FROM = "<email_from>";
private static final String EMAIL_TO = "<email_to>";
private static final String PASSWORD = "<password>";
public static void main(String[] args) throws Exception {
var smtpProperties = new Properties();
//smtpProperties.put("mail.smtp.ssl.protocols", "TLSv1.3 TLSv1.2");
smtpProperties.put("mail.smtp.host", "smtp.office365.com");
smtpProperties.put("mail.smtp.socketFactory.port", "587");
smtpProperties.put("mail.smtp.socketFactory.fallback", "false");
smtpProperties.put("mail.smtp.auth", "true");
smtpProperties.put("mail.smtp.port", "587");
smtpProperties.put("mail.smtp.starttls.enable", "true");
var session = Session.getInstance(smtpProperties, new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(EMAIL_FROM, PASSWORD);
}
});
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress(EMAIL_FROM));
message.addRecipient(Message.RecipientType.TO, new InternetAddress(EMAIL_TO));
message.setText("Hello!");
message.setSubject("Hello");
Transport.send(message);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Uncomment line 16, i.e. enable TLS 1.2 and 1.3 explicitly.
FREQUENCY : always
OS: Ubuntu 18.04 (not checked in other systems).
JDK: OpenJDK 11.0.11 (the feature worked in 11.0.6).
SMTP server: smtp.office365.com
A DESCRIPTION OF THE PROBLEM :
In JDK 11.0.11, TLS 1.0 and 1.1 were disabled by default. However, such default configuration leads to an exception on attempt to send an email by SMTP.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Install OpenJDK 11.0.11 under Ubuntu 18.04, keep default configuration.
sudo add-apt-repository ppa:openjdk-r/ppa
sudo apt update
sudo apt install -y openjdk-11-jdk
sudo update-alternatives --config java
2. Download the attached code sample, substitute constant values for some real values you know.
3. (negative scenario) Run as is.
4. (positive scenario) Run the same code with line 16 uncommented.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Both scenarios succeed, emails get sent.
ACTUAL -
Positive scenario succeeds, negative one fails with an exception:
Exception in thread "main" javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at com.cassantec.email.Test.main(Test.java:34)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:486)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
... 7 more
---------- BEGIN SOURCE ----------
package com.emailtest;
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import java.util.Properties;
public class Test {
private static final String EMAIL_FROM = "<email_from>";
private static final String EMAIL_TO = "<email_to>";
private static final String PASSWORD = "<password>";
public static void main(String[] args) throws Exception {
var smtpProperties = new Properties();
//smtpProperties.put("mail.smtp.ssl.protocols", "TLSv1.3 TLSv1.2");
smtpProperties.put("mail.smtp.host", "smtp.office365.com");
smtpProperties.put("mail.smtp.socketFactory.port", "587");
smtpProperties.put("mail.smtp.socketFactory.fallback", "false");
smtpProperties.put("mail.smtp.auth", "true");
smtpProperties.put("mail.smtp.port", "587");
smtpProperties.put("mail.smtp.starttls.enable", "true");
var session = Session.getInstance(smtpProperties, new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(EMAIL_FROM, PASSWORD);
}
});
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress(EMAIL_FROM));
message.addRecipient(Message.RecipientType.TO, new InternetAddress(EMAIL_TO));
message.setText("Hello!");
message.setSubject("Hello");
Transport.send(message);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Uncomment line 16, i.e. enable TLS 1.2 and 1.3 explicitly.
FREQUENCY : always
Attachments
Issue Links
- relates to
-
JDK-8202343 Disable TLS 1.0 and 1.1
-
- Resolved
-