How to force JavaMailSenderImpl to use TLS1.2?

Asked 7/11, 2017 at 19:58 Answered 30/3, 2022 at 11:5

Have a JDK7 app running on Tomcat and it does have the following env settings:

-Dhttps.protocols=TLSv1.1,TLSv1.2

The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc.

We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props:

 mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true

The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Is there a settings or code change that will force the TLS1.2 protocol?

I did some searching and it looks like these env settings are only for applet and web clients, not for server side apps

-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false

Pediatrics answered 7/11, 2017 at 19:58 Comment(0)

This is the fix for the next guy looking:

mail.smtp.starttls.enable=true;
mail.smtp.ssl.protocols=TLSv1.2;

Pediatrics answered 8/12, 2017 at 18:42 Comment(1)

And those config values are JavaMail props, right, like those others in code snippet no 2 in the question. (But they aren't -D... flags.) – Crepitate 30/5, 2018 at 3:41

It didn't work for me in one pretty old app and I couldn't realize why. After some research I found that the javax.mail version in the app dependencies was 1.4. You must upgrade to at least 1.5.

Medius answered 17/4, 2020 at 7:42 Comment(0)

I needed both Vojtech Zavrel and Sunny's answer in my case. I was running Java 1.8 Spring Boot 1.2.5 and running on Big Sur 11.2.3 and spring version 4.2.1.RELEASE.

After I updated my dependency like this

<dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.5.0-b01</version>
</dependency>

and I updated my JavaMailSenderImpl with

Properties prop = new Properties();
prop.setProperty("mail.smtp.auth", "true");
prop.setProperty("mail.smtp.starttls.enable", "true");
prop.setProperty("mail.smtp.ssl.protocols", "TLSv1.2"); // Added this line
prop.setProperty("mail.smtp.ssl.trust", mailUri.getHost());
mailSender.setJavaMailProperties(prop);

I saw the Received fatal alert: protocol_version error resolve.

Edric answered 6/7, 2021 at 18:46 Comment(5)

In my case the error was random ("..javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2." returned as an SMTP error by some Microsoft mail server) and didn't go away with 1.5.0-b01; but upgrading to latest available (com.sun.mail:javax-mail:1.6.2) along with the session property, seemed to resolve the issue – Spevek 10/12, 2021 at 8:17

I also have to follow the same steps as @JanakaBandara to resolve the issue. I was using spring boot 2.0.2 and had to update it to 2.0.5 – Albers 25/1, 2022 at 3:55

I also had to upgrade my javax.mail artifact - but I was able to go to 1.4.7 (the last non-beta version I could see on maven central) from 1.4. Doing that combined with setting the mail.smtp.ssl.protocols property worked for me. – Mosra 5/5, 2022 at 16:3

The above java code worked fine but note there is another mandatory property required without which you will get a protocol not found error. prop.setProperty("mail.transport.protocol", "smtp"); – Despatch 24/9, 2023 at 0:36

in my case I had to set prop.setProperty("mail.smtp.ssl.trust", "*"); – Risner 26/11, 2023 at 14:13

An update to the most recent version (1.6.2.) of Java Mail also fixes the issue. In my case I upgraded from:

<dependency>
    <groupId>javax.mail</groupId>
    <artifactId>mail</artifactId>
    <version>1.5.0-b01</version>
</dependency>

to:

<dependency>
    <groupId>com.sun.mail</groupId>
    <artifactId>javax.mail</artifactId>
    <version>1.6.2</version>
</dependency>

This fixed the error

javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2

I was getting from an Outlook SMTP-Server. No property changes needed.

Hellen answered 30/3, 2022 at 11:5 Comment(0)

Recommended topics

Hot tags