How to force JavaMailSenderImpl to use TLS1.2?

java email smtp tls1.2

27,982

Solution 1

This is the fix for the next guy looking:

mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;

Solution 2

It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail version in the app dependencies was 1.4. You must upgrade to at least 1.5.

Solution 3

I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.

After I updated my dependency like this

<dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.5.0-b01</version>
</dependency>

and I updated my JavaMailSenderImpl with

Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);

I saw the Received fatal alert: protocol_version error resolve.

27,982

Author by

Sunny

Updated on July 09, 2022

Comments

Sunny almost 2 years
Have a JDK7 app running on Tomcat and it does have the following env settings:
```
-Dhttps.protocols=TLSv1.1,TLSv1.2 
```
The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.

We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props:
```
 mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true
```
The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Is there a settings or code change that will force the TLS1.2 protocol?

I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps
```
-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false
```
KajMagnus almost 6 years

And those config values are JavaMail props, right, like those others in code snippet no 2 in the question. (But they aren't -D... flags.)
Janaka Bandara over 2 years

In my case the error was random ("..javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2." returned as an SMTP error by some Microsoft mail server) and didn't go away with 1.5.0-b01; but upgrading to latest available (com.sun.mail:javax-mail:1.6.2) along with the session property, seemed to resolve the issue
kasunb over 2 years

I also have to follow the same steps as @JanakaBandara to resolve the issue. I was using spring boot 2.0.2 and had to update it to 2.0.5
Raj about 2 years

I also had to upgrade my javax.mail artifact - but I was able to go to 1.4.7 (the last non-beta version I could see on maven central) from 1.4. Doing that combined with setting the mail.smtp.ssl.protocols property worked for me.