I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?
I think this is due to the connection
established with the client machine is
not secure.
It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true
I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.
I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.
Adding this as an answer as it might help someone later.
I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument
-Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.
If you are running local using spring i'd suggest use:
#Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
return AmazonDynamoDBClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials("fake", "credencial")
)
)
.withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
.build();
}
It works for me using unit test.
Hope it's help!
I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.
You can find it in the following:
Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.
i solved my problem using port 25 and Following prop
mailSender.javaMailProperties.putAll([
"mail.smtp.auth": "true",
"mail.smtp.starttls.enable": "false",
"mail.smtp.ssl.enable": "false",
"mail.smtp.socketFactory.fallback": "true",
]);
In case you use Jetty version 9 or earlier you need to add it to jetty
by
RUN java -jar ${JETTY_HOME}/start.jar --add-to-startd=https
and according to this
Jetty: How to use SSL in Jetty client side
from Jetty version 10 it should work out of the box
In case you are running
Cisco AnyConnect Secure Mobility Agent
Cisco AnyConnect Web Security Agent
try stopping the service(s).
In our corporate network this IS the solution to the issue.
It worked for me now, I have change the setting of my google account as below:
System.out.println("Start");
final String username = "myemail#gmail.com";
final String password = "************";
Properties props = new Properties();
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.port", "465");
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
Session session = Session.getInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
try {
Transport transport=session.getTransport();
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress("myemail#gmail.com"));//formBean.getString("fromEmail")
message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("myemail#gmail.com"));
message.setSubject("subject");//formBean.getString(
message.setText("mailBody");
transport.connect();
transport.send(message, InternetAddress.parse("myemail#gmail.com"));//(message);
System.out.println("Done");
} catch (MessagingException e) {
System.out.println("e="+e);
e.printStackTrace();
throw new RuntimeException(e);
}
Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link.
And done 2 following steps and setting control in google. :
Disable the 2-step verification (password and OTP)
Enabling to allow to access less secure app(Allow less secure apps:
ON.)
Now I am able to send mail using above program.
As EJP said, it's a message shown because of a call to a non-https protocol.
If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list
if connection is FTPS test:
FTPSClient ftpClient = new FTPSClient(protocol, false);
protocol = TLS,SSL
and false = isImplicit.
I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.
System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);
along with "proxyHost" and "proxyPort"
System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);
Hope it will work.
I was facing this exception when using Gmail.
In order to use Gmail I had to turn ON "Allow less secure apps".
This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.
I've got similar error using camel-mail component to send e-mails by gmail smtp.
The solution was changing from TLS port (587) to SSL port (465) as below:
<route id="sendMail">
<from uri="jason:toEmail"/>
<convertBodyTo type="java.lang.String"/>
<setHeader headerName="Subject"><constant>Something</constant></setHeader>
<to uri="smtps://smtp.gmail.com:465?username=myemail#gmail.com&password=mypw&to=someemail#gmail.com&debugMode=true&mail.smtp.starttls.enable=true"/>
</route>
Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.
If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:
-Dhttps.protocols="TLSv1"
Related
I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?
I think this is due to the connection
established with the client machine is
not secure.
It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true
I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.
I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.
Adding this as an answer as it might help someone later.
I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument
-Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.
If you are running local using spring i'd suggest use:
#Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
return AmazonDynamoDBClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials("fake", "credencial")
)
)
.withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
.build();
}
It works for me using unit test.
Hope it's help!
I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.
You can find it in the following:
Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.
i solved my problem using port 25 and Following prop
mailSender.javaMailProperties.putAll([
"mail.smtp.auth": "true",
"mail.smtp.starttls.enable": "false",
"mail.smtp.ssl.enable": "false",
"mail.smtp.socketFactory.fallback": "true",
]);
In case you use Jetty version 9 or earlier you need to add it to jetty
by
RUN java -jar ${JETTY_HOME}/start.jar --add-to-startd=https
and according to this
Jetty: How to use SSL in Jetty client side
from Jetty version 10 it should work out of the box
In case you are running
Cisco AnyConnect Secure Mobility Agent
Cisco AnyConnect Web Security Agent
try stopping the service(s).
In our corporate network this IS the solution to the issue.
It worked for me now, I have change the setting of my google account as below:
System.out.println("Start");
final String username = "myemail#gmail.com";
final String password = "************";
Properties props = new Properties();
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.port", "465");
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
Session session = Session.getInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
try {
Transport transport=session.getTransport();
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress("myemail#gmail.com"));//formBean.getString("fromEmail")
message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("myemail#gmail.com"));
message.setSubject("subject");//formBean.getString(
message.setText("mailBody");
transport.connect();
transport.send(message, InternetAddress.parse("myemail#gmail.com"));//(message);
System.out.println("Done");
} catch (MessagingException e) {
System.out.println("e="+e);
e.printStackTrace();
throw new RuntimeException(e);
}
Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link.
And done 2 following steps and setting control in google. :
Disable the 2-step verification (password and OTP)
Enabling to allow to access less secure app(Allow less secure apps:
ON.)
Now I am able to send mail using above program.
As EJP said, it's a message shown because of a call to a non-https protocol.
If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list
if connection is FTPS test:
FTPSClient ftpClient = new FTPSClient(protocol, false);
protocol = TLS,SSL
and false = isImplicit.
I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.
System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);
along with "proxyHost" and "proxyPort"
System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);
Hope it will work.
I was facing this exception when using Gmail.
In order to use Gmail I had to turn ON "Allow less secure apps".
This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.
I've got similar error using camel-mail component to send e-mails by gmail smtp.
The solution was changing from TLS port (587) to SSL port (465) as below:
<route id="sendMail">
<from uri="jason:toEmail"/>
<convertBodyTo type="java.lang.String"/>
<setHeader headerName="Subject"><constant>Something</constant></setHeader>
<to uri="smtps://smtp.gmail.com:465?username=myemail#gmail.com&password=mypw&to=someemail#gmail.com&debugMode=true&mail.smtp.starttls.enable=true"/>
</route>
Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.
If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:
-Dhttps.protocols="TLSv1"
I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?
I think this is due to the connection
established with the client machine is
not secure.
It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true
I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.
I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.
Adding this as an answer as it might help someone later.
I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument
-Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.
If you are running local using spring i'd suggest use:
#Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
return AmazonDynamoDBClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials("fake", "credencial")
)
)
.withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
.build();
}
It works for me using unit test.
Hope it's help!
I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.
You can find it in the following:
Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.
i solved my problem using port 25 and Following prop
mailSender.javaMailProperties.putAll([
"mail.smtp.auth": "true",
"mail.smtp.starttls.enable": "false",
"mail.smtp.ssl.enable": "false",
"mail.smtp.socketFactory.fallback": "true",
]);
In case you use Jetty version 9 or earlier you need to add it to jetty
by
RUN java -jar ${JETTY_HOME}/start.jar --add-to-startd=https
and according to this
Jetty: How to use SSL in Jetty client side
from Jetty version 10 it should work out of the box
In case you are running
Cisco AnyConnect Secure Mobility Agent
Cisco AnyConnect Web Security Agent
try stopping the service(s).
In our corporate network this IS the solution to the issue.
It worked for me now, I have change the setting of my google account as below:
System.out.println("Start");
final String username = "myemail#gmail.com";
final String password = "************";
Properties props = new Properties();
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.port", "465");
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
Session session = Session.getInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
try {
Transport transport=session.getTransport();
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress("myemail#gmail.com"));//formBean.getString("fromEmail")
message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("myemail#gmail.com"));
message.setSubject("subject");//formBean.getString(
message.setText("mailBody");
transport.connect();
transport.send(message, InternetAddress.parse("myemail#gmail.com"));//(message);
System.out.println("Done");
} catch (MessagingException e) {
System.out.println("e="+e);
e.printStackTrace();
throw new RuntimeException(e);
}
Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link.
And done 2 following steps and setting control in google. :
Disable the 2-step verification (password and OTP)
Enabling to allow to access less secure app(Allow less secure apps:
ON.)
Now I am able to send mail using above program.
As EJP said, it's a message shown because of a call to a non-https protocol.
If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list
if connection is FTPS test:
FTPSClient ftpClient = new FTPSClient(protocol, false);
protocol = TLS,SSL
and false = isImplicit.
I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.
System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);
along with "proxyHost" and "proxyPort"
System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);
Hope it will work.
I was facing this exception when using Gmail.
In order to use Gmail I had to turn ON "Allow less secure apps".
This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.
I've got similar error using camel-mail component to send e-mails by gmail smtp.
The solution was changing from TLS port (587) to SSL port (465) as below:
<route id="sendMail">
<from uri="jason:toEmail"/>
<convertBodyTo type="java.lang.String"/>
<setHeader headerName="Subject"><constant>Something</constant></setHeader>
<to uri="smtps://smtp.gmail.com:465?username=myemail#gmail.com&password=mypw&to=someemail#gmail.com&debugMode=true&mail.smtp.starttls.enable=true"/>
</route>
Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.
If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:
-Dhttps.protocols="TLSv1"
after my web-server provider disabled old security protocol(versions) and cipher suites, I am no longer able to connect to the smtpserver. this was my original configuration, but no encrypted communication (SSL, TLS) is longer possible.
What could be the source of this problem?
DEBUG: setDebug: JavaMail version 1.5.5 (JDK 1.7)
when I try the same without SSL (commented in code), it works fine, so there has to be a problem with the webserver. Funny fact: Outlook works just fine (with same credentials)!
public static void main(final String[] args) throws Exception {
System.setProperty("javax.net.debug", "all");
final Properties props = new Properties();
// use SSL (worked before ssl-update on mailserver, where old security protocols were disabled)
props.put("mail.smtp.ssl.socketFactory", "javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.fallback", "false");
props.put("mail.smtp.host", "alfa3022.alfahosting-server.de");
props.put("mail.smtp.port", "465");
props.put("mail.smtp.ssl.enable", "true");
// no ssl (works fine!):
// props.put("mail.debug", "true");
// props.put("mail.smtp.host", SMTP_HOST_NAME);
// props.put("mail.smtp.auth", "true");
// props.put("mail.smtp.port", 587);
final Session session = Session.getInstance(props, new javax.mail.Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(getEmailUsername(), getEmailPassword());
}
});
session.setDebug(true);
final Message msg = new MimeMessage(session);
final InternetAddress addressFrom = new InternetAddress("test#test.com");
msg.setFrom(addressFrom);
// [...] create email object and add contents to msg
msg.setRecipient(Message.RecipientType.BCC, new InternetAddress("dummy#test.com"));
Transport.send(msg);
}
When I execute a Handshake-Simulation of the email-server it tells me that java is not working??
https://www.ssllabs.com/ssltest/analyze.html?d=alfa3022.alfahosting-server.de
What could be the difference or what am I failed to see?
What could be the source of this problem?
Ans:
SSLHandshakeException is a subclass of the IOException, so you do not need to catch is explicitly. Most developers will not need an explicit catch, but it may help you more easily diagnose the cause of any IOException.
When applying the -Djavax.net.debug=all property, the failure associated with this SSLHandshakeException would appear immediately after algorithm negotiation in the logs.
So, System.setProperty("javax.net.debug", "all"); is making error in your code.
What is the root cause of occuring SSLHandshakeException? How to
prevent it?
Ans:
The most likely cause for SSLHandshakeException is algorithm support. The JDK provides a separate package called JCE Unlimited Strength, designed to add stronger algorithm support than what’s available by default. Qualys SSL Labs provides a different server SSL test that will enumerate which algorithms a server supports.
Adding stronger algorithms: JCE Unlimited Strength
In a high security environment, one way of strengthening algorithms in the JDK is through the JCE Unlimited Strength policy files. In this particular case, replacing those policy files within JDK 7 allows it to use the stronger variants of existing algorithms and connect successfully.
JCE Unlimited Strength downloads: JDK 8, JDK 7, or JDK 6.
Resource Link:
Diagnosing TLS, SSL, and HTTPS
You can try with it
you need to set certificate, to access the SMTP port.
System.setProperty("javax.net.ssl.trustStore","key");
System.setProperty("javax.net.ssl.trustStorePassword","password");
for generating a KeyStore and TrustStore, follow the tutorial
From Marvin Pinto's answer,
The javax.net.ssl.SSLHandshakeException exception is usually thrown when the server you're trying to connect to does not have a valid certificate from an authorized CA.
Put simply, the server you're attempting to connect to is most likely using a self-signed certificate and you have to accomodate for that in your Java code. This involves creating a custom KeyStore, etc. See this Stack Overflow answer for full implementation details.
If you want to clarify your conception completely, then read the
tutorial which is for use of SSL with JavaMail.
Related Link:
JAVAMAIL API FAQ
Received fatal alert: handshake_failure through
SSLHandshakeException
You can use openssl to test the certificate and that way you can troubleshoot the handshake failure.
openssl s_client -connect mail.alfahosting-server.de:443
When I did it to that host you mention, I actually got:
Verify return code: 20 (unable to get local issuer certificate)
I set up Dspace to send e-mail using my company's e-mail server, DSpace uses javax.mail to do this.
When I try send outside of my company's network the e-mail is sent successfully, but in the company's network the email is not sent.
Follows the shown error message:
Error: javax.mail.MessagingException: Exception reading response;
nested exception is: javax.net.ssl.SSLException: Unrecognized SSL
message, plaintext connection?
(1) There's no proxy on the way
(2) I tryed to send using gmail, but I've got same scenario
(3) The only related thread that I've found were solved with proxy settings, but because (1) that is not a solution (Java mail doesn't work in the company's network)
(4) The used door (587) is the same configured in Thunderbird which works great both inside and outside my company's network.
WHAT A MISTERY!!! O.O
If some one could help, that would be great!
Thanks a lot!
I found an answer in another thread that guided me:
Javamail non ssl properties are:
Properties props = new Properties();
props.put("mail.smtp.user", "email#mydomain.com");
props.put("mail.smtp.password", "password");
props.put("mail.smtp.protocol", "smtp");
props.put("mail.smtp.host", "smtp.mydomain.com");
props.put("mail.smtp.port", "25");
props.put("mail.smtp.starttls.enable","false");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.socketFactory.port", "25");
props.put("mail.smtp.socketFactory.class", "");
props.put("mail.smtp.socketFactory.fallback", "false");
The only property that I changed to DSpace start send email was mail.smtp.socketFactory.class="", before was "javax.net.ssl.SSLSocketFactory".
Unfortunately I still not understand why previous settings were working outside company's network, maybe some rule blocking ssl connections.
#SergeBallesta: Thanks for the help!
In one application, I implemented mail sending logic using java. I used smtp.gmail.com over 587 port with a valid gmail id and password. In development environment everything is working fine. But in production environment I need to use a different mailing server say smtp.xyz.in over port 25 with a valid email id and password on that domain.
When I continue with SSL enable with following code:
I am getting an error
Could not convert socket to TLS
SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
=======================================================
final ResourceBundle rsbd=ResourceBundle.getBundle("main/ResourceBundle/Dyna");
// -- Attaching to default Session, or we could start a new one
props.put("mail.smtp.host", smtpServer);
props.put("mail.smtp.auth", "true");
props.put("mail.debug", "true");
props.put("mail.smtp.port", port);
props.put("mail.smtp.starttls.enable","true");
props.put("mail.smtp.EnableSSL.enable","true");
Session session =Session.getInstance(props, new Authenticator() {protected PasswordAuthentication getPasswordAuthentication() {return new PasswordAuthentication(admin_mail, admin_password);}});
// -- Create a new message --
Message msg = new MimeMessage(session);
// -- Set the FROM and TO fields --
msg.setFrom(new InternetAddress(from));
msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(email, false));
msg.setSubject(subject);
msg.setText(emailContent);
// -- Set some other header information --
msg.setHeader("X-Mailer", "LOTONtechEmail");
msg.setSentDate(new Date());
// -- Send the message --
Transport.send(msg);
When I am removing EnableSSL and trying by adding the following code:
(getting javax.mail.AuthenticationFailedException:535 5.7.3 Authentication unsuccessful)
==========================================================================
props.put("mail.smtp.socketFactory.port","25");
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "true");
MailSSLSocketFactory sf=new MailSSLSocketFactory();
sf.setTrustAllHosts(true);
props.put("mail.smtp.ssl.socketFactory", sf);
By googling enough in last 3 days, I understand that I need to configure for trusted certificate like given here.
But I want to continue without encryption and without mugging to enable SSL. Is there a way to send emails by java programs through our own domain without enabling SSL.
Any help will be appreciated.
Whether SSL/TLS is required or not is controlled by your mail server. If it requires it, you have to use it.
You can set the mail.smtp.ssl.trust property to ignore the certificate issue, or you can fix it as described in the JavaMail FAQ.
If you are using
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
Please remove this snippet to avoid SSL Configuration from SMTP server.
Hey Deactivate your antivirus it's working for me.
I deactivate only SMTP outbound in antivirus
I've found that we have to set the correct TLS version also, otherwise we may get the same error. Below property settings helped to solve the issue.
<props>
<prop key="mail.smtp.auth">true</prop>
<prop key="mail.smtp.starttls.enable">true</prop>
<prop key="mail.smtp.ssl.protocols">TLSv1.2</prop>
<prop key="mail.smtp.ssl.trust">mail.XyZ.com</prop>
</props>
Usually, all you need to specify is the your SMTP server host, port and whether your SMTP server requires authentication when sending emails or not and if the communication with the SMTP server should be secured over SSL/TLS. You need to specify the corresponding properties correctly and thats it.
But, the above parameters are dictated by the SMTP server. The server decides whether it should accept only secured connections; and whether it should use SSL or more secure TLS and it would be either of them or both. Also, some SMTP servers do need senders authentication when sending emails while some don't. So, you need to check the documentation of the SMTP server you are to use to configure the parameters correctly. Refer here for a working example that uses Gmail to send emails
This error could occur if you use an old JavaMail lib (mail.jar or javax.mail.jar).
Download the newest version from here: https://javaee.github.io/javamail/