ClientHello Fails to negotiate TLS Version During handshake
I am trying to send mail using java mail. My mail server accepts only TLSv1.2. I tried to configure the TLSv1.2 in my client request. But, during TLS handshake my clientHello always using TLSv1. I tried to debug the handshake which is below,
[22:10:45:099]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:100]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256|
[22:10:45:101]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: %% No cached client session|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: *** ClientHello, TLSv1|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: RandomCookie: |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: GMT: 1546533645 |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: bytes = { |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 85|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 83|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 155|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 171|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 182|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 149|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 172|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 46|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 116|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 34|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 18|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 97|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 142|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 6|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 223|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 139|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 14|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 72|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 51|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 129|
[22:10:45:102]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 210|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 76|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 177|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 254|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 144|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Session ID: |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: {}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Compression Methods: { |
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: 0|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: }|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension ec_point_formats, formats: [uncompressed]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: Extension server_name, server_name: [type=host_name (0), value=mail.someserver.com]|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: ***|
[22:10:45:103]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1 Handshake, length = 175|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, received EOFException: error|
[22:10:45:227]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: , SEND TLSv1.2 ALERT: |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: fatal, |
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: description = handshake_failure|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, WRITE: TLSv1.2 Alert, length = 2|
[22:10:45:228]|[01-03-2019]|[SYSOUT]|[INFO]|[56]: http-nio-8095-exec-3, called closeSocket()|
[22:10:45:231]|[01-03-2019]|[SYSERR]|[INFO]|[56]: java.lang.Exception: Error in connecting to SMTP host.|I made the below configurations in my client side to proceed the connection with TLSv1.2,
-Dhttps.protocols=TLSv1.2
-Dmail.smtp.ssl.protocols="TLSv1.2"
-Djdk.tls.client.protocols=TLSv1.2
The Error thrown in my Mail server log is
- SSL error 0x80090331 The client and server cannot communicate because they do not possess a common algorithm.
I couldn't figure out why the clientHello is always choosing TLSv1 instead of TLSv1.2 . Please help me with this.
public static void sendMail(JSONObject mailProps, JSONObject serverProps) throws Exception {
boolean var2 = true;
String mailPort;
try {
String mailServer = serverProps.getString("SERVER_NAME");
mailPort = serverProps.getString("PORT");
String mailAuthenUser = serverProps.has("USER_NAME") ? serverProps.getString("USER_NAME") : "";
String mailAuthenPwd = serverProps.has("PASSWORD") ? serverProps.getString("PASSWORD") : "";
String securityType = serverProps.has("CONNECTION_SECURITY") ? serverProps.getString("CONNECTION_SECURITY") : "";
boolean isHtmlFormat = false;
if (mailProps.has("ENABLE_HTML_FORMAT") && mailProps.getBoolean("ENABLE_HTML_FORMAT") || serverProps.has("ENABLE_HTML_FORMAT") && serverProps.getBoolean("ENABLE_HTML_FORMAT")) {
isHtmlFormat = true;
}
String fromAddress = mailProps.has("FROM_MAIL_ID") ? mailProps.getString("FROM_MAIL_ID") : serverProps.getString("FROM_MAIL_ID");
String toAddress = mailProps.has("TO_ADDRESSES") ? mailProps.getString("TO_ADDRESSES") : serverProps.getString("ADMIN_MAIL_ID");
String subject = mailProps.getString("SUBJECT");
String message = mailProps.getString("MESSAGE");
Properties systemProps = System.getProperties();
Properties properties = (Properties)systemProps.clone();
properties.put("mail.smtp.host", mailServer);
properties.put("mail.smtp.port", mailPort);
properties.put("mail.smtp.sendpartial", "true");
Session session = null;
boolean authRequired = false;
properties.put("mail.smtp.auth", "false");
if (mailAuthenUser != null && mailAuthenPwd != null && (!mailAuthenUser.equals("") || !mailAuthenPwd.equals(""))) {
properties.put("mail.smtp.auth", "true");
authRequired = true;
}
if ("SSL".equalsIgnoreCase(securityType)) {
properties.put("mail.smtp.socketFactory.port", mailPort);
properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
properties.put("mail.smtp.socketFactory.fallback", "false");
} else if ("TLS".equalsIgnoreCase(securityType)) {
properties.put("mail.smtp.starttls.enable", "true");
properties.put("mail.smtp.starttls.required", "true");
}
if (authRequired) {
Authenticator auth = new MailAction.SMTPAuthenticator(mailAuthenUser, mailAuthenPwd);
session = Session.getInstance(properties, auth);
} else {
session = Session.getInstance(properties);
}
session.setDebug(false);
MimeMessage mess = new MimeMessage(session);
if (toAddress != null) {
String[] to = toAddress.split(",");
InternetAddress[] toInternetAddress = new InternetAddress[to.length];
for(int i = 0; i < to.length; ++i) {
toInternetAddress[i] = new InternetAddress(to[i].trim());
}
mess.setRecipients(RecipientType.TO, toInternetAddress);
}
if (fromAddress != null && !fromAddress.equals("")) {
mess.setFrom(new InternetAddress(fromAddress));
}
String type;
if (mailProps.has("PRIORITY")) {
type = mailProps.get("PRIORITY").toString();
if (type.equalsIgnoreCase("High") || type.equalsIgnoreCase("Low")) {
mess.setHeader("Importance", type);
mess.setHeader("X-Priority", type);
}
}
type = isHtmlFormat ? "text/html;charset=UTF-8" : "text/plain;charset=UTF-8";
mess.setContent(message, type);
if (mailProps.has("CC_ADDRESS")) {
String[] cc = (String[])((String[])mailProps.get("CC_ADDRESS"));
InternetAddress[] ccInternetAddress = new InternetAddress[cc.length];
for(int i = 0; i < cc.length; ++i) {
ccInternetAddress[i] = new InternetAddress(cc[i].trim());
}
mess.setRecipients(RecipientType.CC, ccInternetAddress);
}
mess.setSentDate(new Date());
mess.setSubject(subject, "UTF-8");
Thread.currentThread().setContextClassLoader(mess.getClass().getClassLoader());
Transport.send(mess);
} catch (Exception var29) {
out.log(Level.INFO, " ", var29);
}
}
Eddie
Community0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0