Domino java agent connecting to SMTP server with TLS1.2 - Stack Overflow

We have a specific use case where certain emails need to be sent directly from a Domino Java agent (using mailapi-1.6.2.jar) to a remote SMTP server where TLS 1.2 is required. Depending on business logic, different user names and passwords are used when authenticating with the remote server. TLS 1.0 and TLS 1.1 have been disabled on the remote server.

The error received is: javax.mail.MessagingException: Can't send command to SMTP host; nested exception is: javax.ssl.SSLHandshakeException: No appropriate protocol, may be no appropriate cipher suite specified or protocols are deactivated

We have used WireShark to confirm TLS1.2 is being used.

Assuming the issue is: the cipher being used by Domino is incorrect? We are unsure how to verify which cipher suite is missing/attempting to be used.

Any and all suggestions or pointers would be greatly appreciated as we are struggling with this one.

Thanks in advance.

We have tried the following on a v9 Domino server and a v14 Domino server.

Ciphers in Domino 9 Server document
RC4 encryption with 128-bit key and MD5 MAC
RC4 encryption with 128-bit key and SHA-1 MAC
Triple DES encryption with 168-bit key and SHA-1 MAC
DES encryption with 56-bit key and SHA-1 MAC
RC4 encryption with 40-bit key and MD5 MAC
 
Ciphers on Domino 14 server document and website
ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C030]
DHE_RSA_WITH_AES_256_GCM_SHA384 [9F]
ECDHE_RSA_WITH_AES_128_GCM_SHA256 [C02F]
DHE_RSA_WITH_AES_128_GCM_SHA256 [9E]

Domino 9 specific settings...start

Java version:
java version "1.8.0_151"
 
 
In the notes.ini:

DISABLE_SSLV3=1
SSL_DISABLE_TLS_10=1
JavaUserOptionsFile=C:\Progra~1\IBM\Lotus\Domino\jvm\jvmoptions.txt
 
In the ....\IBM\Lotus\Domino\jvm\jvmoptions.txt:
 
https.protocols=TLSv1.2
-Dcom.ibm.jsse2.overrideDefaultTLS=true

Domino v14 java version: openjdk version "17.0.8.1" 2023-08-24

N.B. The Domino server was upgraded from v9, so maybe inherited some cipher suites that need disabling?

In the java.security file we have the following disabled.  It's this setting that actually forced the java agent to use TLS1.2
 
jdk.tls.disabledAlgorithms=SSLv3, SHA-0, SHA-1, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

We have created a test agent (we have replaced the host, credentials, etc. with our own):

    // Imports needed at the top of the agent class
    import java.util.Properties;
    import javax.mail.Authenticator;
    import javax.mail.Message;
    import javax.mail.PasswordAuthentication;
    import javax.mail.Session;
    import javax.mail.Transport;
    import javax.mail.internet.InternetAddress;
    import javax.mail.internet.MimeMessage;

    String smtpHost = "smtp.example"; // Replace with your SMTP server
    int smtpPort = 587; // Typically 587 for STARTTLS
    final String username = "[email protected]"; // Replace with your email
    final String password = "your_password"; // Replace with your password

    // Recipient and email content
    String toEmail = "[email protected]"; // Replace with recipient's email
    String subject = "Test Email with TLS 1.2";
    String body = "This is a test email sent using JavaMail 1.5 enforcing TLS 1.2.";

    // Set email properties
    Properties props = new Properties();
    props.put("mail.smtp.host", smtpHost);
    // Stored as a String: Properties.getProperty() returns null for non-String values
    props.put("mail.smtp.port", String.valueOf(smtpPort));
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.starttls.enable", "true"); // Enable STARTTLS
    props.put("mail.smtp.debug", "true");

    // Force TLS 1.2
    props.put("mail.smtp.ssl.protocols", "TLSv1.2");

    // Create session; the authenticator supplies the SMTP AUTH credentials
    Session session = Session.getInstance(props, new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(username, password);
        }
    });

    // Print the SMTP conversation to the console
    session.setDebug(true);

    // Create a message
    Message message = new MimeMessage(session);
    message.setFrom(new InternetAddress(username));
    message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(toEmail));
    message.setSubject(subject);
    message.setText(body);

    // Send email
    Transport.send(message);
    System.out.println("Email sent successfully with TLS 1.2!");


    TLSv1.3    <---printing out versions java mail has available
    TLSv1.2
    TLSv1.1
    TLSv1
    SSLv3
    SSLv2Hello
    NHSNetSMTPClientClass.send()
    DEBUG: setDebug: JavaMail version 1.4ea  <-----version of java mail api we are using
    NHSNetSMTPClientClass.send()
    DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
    DEBUG SMTP: useEhlo true, useAuth true
    DEBUG SMTP: useEhlo true, useAuth true
    DEBUG SMTP: trying to connect to host "send.nhs", port 587, isSSL false
    220 send.nhs ESMTP
    DEBUG SMTP: connected to host "XXXX_HOST_WE_ARE_CONNECTING_TO_XXXX", port: 587 
    EHLO ash-tst-domino
    250-send.nhs
    250-PIPELINING
    250-SIZE 52428800
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    DEBUG SMTP: Found extension "PIPELINING", arg ""
    DEBUG SMTP: Found extension "SIZE", arg "52428800"
    DEBUG SMTP: Found extension "ETRN", arg ""
    DEBUG SMTP: Found extension "STARTTLS", arg ""
    DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
    DEBUG SMTP: Found extension "8BITMIME", arg ""
    DEBUG SMTP: Found extension "DSN", arg ""
    STARTTLS
    220 2.0.0 Ready to start TLS
    EHLO ash-tst-domino
    javax.mail.MessagingException: Can't send command to SMTP host;   nested exception is:  javax.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
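
An added diagnostic, not part of the original post: a stand-alone Java class that prints the `jdk.tls.disabledAlgorithms` value in effect alongside the protocols and cipher suites the JVM's default `SSLContext` has enabled, and reports where `javax.mail.Session` is loaded from (the debug output above reports JavaMail 1.4ea, while the post names mailapi-1.6.2.jar). The class name and the `WANTED` list are assumptions; `WANTED` reuses the four suites from the Domino 14 server document as sample input.

```java
import java.security.CodeSource;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsClientDiagnostics {
    // Sample input: suites from the question's Domino 14 server document.
    // Assumption: replace with the suites the remote SMTP server accepts.
    static final String[] WANTED = {
        "ECDHE_RSA_WITH_AES_256_GCM_SHA384", "DHE_RSA_WITH_AES_256_GCM_SHA384",
        "ECDHE_RSA_WITH_AES_128_GCM_SHA256", "DHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    // JSSE providers differ on the TLS_/SSL_ name prefix, so compare without it.
    static Set<String> bare(String[] suites) {
        Set<String> out = new HashSet<String>();
        for (String s : suites) out.add(s.replaceFirst("^(TLS|SSL)_", ""));
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        System.out.println("enabled protocols   = " + Arrays.toString(enabled.getProtocols()));
        System.out.println("supported protocols = " + Arrays.toString(supported.getProtocols()));
        Set<String> on = bare(enabled.getCipherSuites());
        Set<String> known = bare(supported.getCipherSuites());
        for (String suite : WANTED) {
            String state = on.contains(suite) ? "enabled"
                    : known.contains(suite) ? "supported but not enabled" : "not supported";
            System.out.println(suite + ": " + state);
        }
        // Report which JavaMail jar is actually on the class path, if any.
        try {
            Class<?> c = Class.forName("javax.mail.Session");
            CodeSource src = c.getProtectionDomain().getCodeSource();
            System.out.println("javax.mail.Session loaded from "
                    + (src == null ? "bootstrap/unknown" : String.valueOf(src.getLocation())));
        } catch (ClassNotFoundException e) {
            System.out.println("javax.mail is not on this class path");
        }
    }
}
```

Compile and run it with the same JVM and `java.security` file the agent uses, so the output reflects the agent's environment.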