How to force JavaMailSenderImpl to use TLS1.2?
Solution 1
This is the fix for the next guy looking:
mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;
Solution 2
It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail
version in the app dependencies was 1.4. You must upgrade to at least 1.5.
Solution 3
I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.
After I updated my dependency like this
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.5.0-b01</version>
</dependency>
and I updated my JavaMailSenderImpl
with
Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);
I saw the Received fatal alert: protocol_version
error resolve.
Sunny
Updated on July 09, 2022Comments
-
Sunny almost 2 years
Have a JDK7 app running on Tomcat and it does have the following env settings:
-Dhttps.protocols=TLSv1.1,TLSv1.2
The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.
We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props:
mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true
The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Is there a settings or code change that will force the TLS1.2 protocol?
I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps
-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false
-
KajMagnus almost 6 yearsAnd those config values are JavaMail props, right, like those others in code snippet no 2 in the question. (But they aren't
-D...
flags.) -
Janaka Bandara over 2 yearsIn my case the error was random ("..javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2." returned as an SMTP error by some Microsoft mail server) and didn't go away with
1.5.0-b01
; but upgrading to latest available (com.sun.mail:javax-mail:1.6.2
) along with the session property, seemed to resolve the issue -
kasunb over 2 yearsI also have to follow the same steps as @JanakaBandara to resolve the issue. I was using spring boot 2.0.2 and had to update it to 2.0.5
-
Raj about 2 yearsI also had to upgrade my javax.mail artifact - but I was able to go to 1.4.7 (the last non-beta version I could see on maven central) from 1.4. Doing that combined with setting the
mail.smtp.ssl.protocols
property worked for me.