javax Could not convert socket to TLS;

Asked 30/7, 2021 at 12:34 Answered 7/8, 2024 at 8:57

I have a Problem sending Mails with Javax. We used gmail for about 4 years to send mails from our Java Software. Now i get the following Error:

Exception in thread "main" java.lang.RuntimeException: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at SendEmail.sendMissingMailWeek(SendEmail.java:233)
    at main.negVerkaeufeMailenWeek(main.java:368)
    at main.main(main.java:79)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
    at javax.mail.Service.connect(Service.java:317)
    at javax.mail.Service.connect(Service.java:176)
    at javax.mail.Service.connect(Service.java:125)
    at javax.mail.Transport.send0(Transport.java:194)
    at javax.mail.Transport.send(Transport.java:124)
    at SendEmail.sendMissingMailWeek(SendEmail.java:226)
    ... 2 more
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
    at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
    at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
    at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:486)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
    ... 9 more

Process finished with exit code 1

These are my Settings for gmail:

            props.put("mail.smtp.auth", "true");
            props.put("mail.smtp.starttls.enable", "true");
            props.put("mail.smtp.host", "smtp.gmail.com");
            props.put("mail.smtp.port", "587");
            props.put("mail.smtp.ssl.trust", "smtp.gmail.com");
            props.put("mail.smtp.debug", "true");

I also tried other Mailserver (O365, Strato) but got the same Error.

Aleppo answered 30/7, 2021 at 12:34 Comment(6)

Not sure if this will help but try passing -Djdk.tls.client.protocols=TLSv1.2 and -Djavax.net.debug=all might reveal more – Diminuendo 30/7, 2021 at 12:49

Same issue with my client app here. Was working a few weeks ago, now it's throwing an error. – Thurber 11/8, 2021 at 2:58

@Thurber Have you tried providing protocol information in your mail configuration? I mean, please, try including the following code in your mail props: props.put("mail.smtp.ssl.protocols", "TLSv1.2"). In addition, try tweaking ports 465 and 587, and the configuration property mail.smtp.starttls.required. I hope it helps. – Linker 11/8, 2021 at 13:51

Please, consider read this related google groups article, it can be of help as well. – Linker 11/8, 2021 at 16:14

Please, can you provide more information about your jdk and java mail versions? I tested email integration with your configuration and it worked properly. Maybe, the problem can be related to the environment in which your client run? – Linker 11/8, 2021 at 21:43

Possibly related to https://mcmap.net/q/910717/-javax-mail-messagingexception-could-not-convert-socket-to-tls-exception-in-java/14765128 – Miskolc 11/8, 2021 at 23:35

The error indicates some problem related to the TLS protocol required for establishing a secure connection with the mail servers.

As you can see in the questions comments, the problem can be caused by a lot of different things. Without knowing your OS, JDK and JavaMail library versions we can only guest the true reason.

@g00se gives you a good advice: please, try running your program with SSL debugging enabled by providing the following option:

-Djavax.net.debug=all

In addition, try including explicitly the TLS protocol in your configuration properties, it may be of help:

props.put("mail.smtp.ssl.protocols", "TLSv1.2");

In any way, for the symptoms you indicated, and due to the fact that AFAIK Google has not changed any related configuration recently, probably your problem will be related with a change introduced in the JDK distributions in order to disable by default insecure TLS protocol versions:

security-libs/javax.net.ssl
➜ Disable TLS 1.0 and 1.1

TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.

As you can see in the bug description, the change has been backported to different JDK versions.

Perhaps you upgraded your JDK and the problem raised.

If that is the case, as indicated in the quote, try editing your java.security configuration file and remove TLSv1 and/or TLSv1.1 from the jdk.tls.disabledAlgorithms security property.

Linker answered 13/8, 2021 at 14:17 Comment(4)

The change in JDK was the problem. Using props.put("mail.smtp.ssl.protocols", "TLSv1.2"); worked. – Thurber 13/8, 2021 at 14:50

That is great @ryvantage!! I am very happy to hear that you were able to solve the problem and that the answer was helpful. Thank you very much. – Linker 13/8, 2021 at 15:0

For my, a change from AdoptOpenJDK 15 to Zulu JDK 17 triggered the problem. Using props.put("mail.smtp.ssl.protocols", "TLSv1.2"); also solved it for me. – Disused 19/9, 2021 at 21:3

If you are working on an old java version or servlet use "TLSv1.2" – Skeens 6/12, 2021 at 12:47

I found an article with the same error message that is not posted yet:

postfix and openJDK 11: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"

The answer there is:

After upgrade JavaMail from 1.4.7 to 1.6.2 the error is gone!

Japeth answered 12/8, 2021 at 14:28 Comment(0)

We use Amazon AWS for email. In order to fix this issue, I had to COMMENT OUT the lines as shown below in my Email Service class:

    this.properties = new Properties();
    this.properties.put("mail.sender",read(mail_sender.name()));
    this.properties.put("mail.smtp.host",read(mail_smtp_host.name()));
    this.properties.put("mail.smtp.port",read(mail_smtp_port.name()));
    this.properties.put("mail.smtp.auth", "true");
    this.properties.put("mail.username",read(mail_username.name()));
    this.properties.put("mail.password",read(mail_password.name()));
    
    // fix issue "Could not convert socket to TLS;"
//      this.properties.put("mail.smtp.starttls.enable","true");
//      this.properties.put("mail.smtp.ssl.trust",mail_smtp_host.name());
//      this.properties.put("mail.smtp.ssl.protocols","TLSv1.2");

Madewell answered 20/6, 2024 at 5:54 Comment(0)

Faced similar issue after upgrading to spring boot 3.1

It seems that mail property mail.smtp.ssl.checkserveridentity was false by default in previous versions but now it is true by default.

Setting mail.smtp.ssl.checkserveridentity to false fixed the issue.

Layman answered 7/8, 2024 at 8:57 Comment(0)

Recommended topics

Hot tags