2017-05-18 34 views
0

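Spring mail error after the starttls parameter is passed in the SMTP server

I need some help fixing an error in an application that connects to an SMTP server (a Lotus Notes server). I have already tried several suggestions on SO, but none of them work. The application is able to connect to the SMTP server and shake hands.
However, it errors out after STARTTLS is initiated. I also commented out a line in the java.security file, as suggested on the Oracle site since we are using Java 8, but it still doesn't work.
There is also a small utility for checking which SSL protocols are enabled, and SSLv3, TLS, TLSv1 and TLSv1.2 are enabled. I can't understand why the server wants to use SSLv3 and then says it cannot convert the socket to TLS. It doesn't make any sense.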

Code snippet

@Service
public class ManifestEmailService {

    private static final Logger logger = Logger.getLogger(ManifestEmailService.class);

    @Autowired
    private JavaMailSender mailSender;

    public void sendManifestMail(MailProperties prop, String recipient, String msgBody) {

        logger.info("Creating Email Body");

        logger.info("Sender mail: " + prop.getSender() + " Sender Subject: " + prop.getMailSubject());

        SimpleMailMessage msg = new SimpleMailMessage();
        msg.setFrom(prop.getSender());
        msg.setTo(recipient);
        msg.setSubject("FHL");
        msg.setText(msgBody);

        try {
            logger.info("Sending mail message");
            mailSender.send(msg);
        } catch (MailException mEx) {
            logger.error("Problem sending email..." + mEx);
        }
    }
}

@Configuration
public class ManifestoConfig {

    // logger and manifestoPropPath are used below but are not shown in this snippet.

    @Bean
    public JavaMailSender getJavaMailSender() {
        JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
        FileProcessor io = new FileProcessor();

        Properties props = io.loadManifestoProperties(manifestoPropPath);

        logger.info("Configure Mail Properties ... ");

        // Connection settings come from the sender.mail.* keys of the properties file.
        mailSender.setHost(props.getProperty("sender.mail.host"));
        mailSender.setPort(Integer.valueOf(props.getProperty("sender.mail.port")));
        mailSender.setUsername(props.getProperty("sender.mail.username"));
        mailSender.setPassword(props.getProperty("sender.mail.password"));

        // The same file also carries the mail.smtp.* keys that JavaMail reads.
        mailSender.setJavaMailProperties(io.loadManifestoProperties(manifestoPropPath));

        return mailSender;
    }
}

Properties file

[email protected] 
sender.mail.password=rubbishpassword1 
sender.mail.subject=FHL 
sender.mail.host=smtp.lotus.server.com 
sender.mail.port=25 

mail.transport.protocol=smtp 
mail.smtp.auth=true 
mail.smtp.starttls.enable=true 
mail.smtp.timeout=5000 
mail.smtp.ssl.enable=false 
mail.debug=true 

Error log

2017-05-18 11:53:27.206 INFO 4804 --- [nio-8080-exec-6] org.fhl.service.Manifes 
tEmailService  : Sending mail message 
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.s 
mtp.SMTPTransport,Oracle] 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: trying to connect to host "smtp.lotus.server.com", port 25, isSSL fals 
e 
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) read 
y at Thu, 18 May 2017 08:53:27 +0100 
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25 

EHLO client_user 
250-lotus.mail.server Hello client_user ([10.210.136.6]), pleased 
to meet you 
250-TLS 
250-HELP 
250-STARTTLS 
250-DSN 
250-SIZE 52428800 
250 PIPELINING 
DEBUG SMTP: Found extension "TLS", arg "" 
DEBUG SMTP: Found extension "HELP", arg "" 
DEBUG SMTP: Found extension "STARTTLS", arg "" 
DEBUG SMTP: Found extension "DSN", arg "" 
DEBUG SMTP: Found extension "SIZE", arg "52428800" 
DEBUG SMTP: Found extension "PIPELINING", arg "" 
STARTTLS 
220 Ready to start TLS 
2017-05-18 11:53:28.236 ERROR 4804 --- [nio-8080-exec-6] org.fhl.service.Manifes 
tEmailService  : Problem sending email...org.springframework.mail.MailSendExc 
eption: Mail server connection failed; nested exception is javax.mail.MessagingE 
xception: Could not convert socket to TLS; 
    nested exception is: 
     javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc 
ol version is not enabled or not supported by the client.. Failed messages: java 
x.mail.MessagingException: Could not convert socket to TLS; 
    nested exception is: 
     javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc 
ol version is not enabled or not supported by the client.; message exceptions (1 
) are: 
Failed message 1: javax.mail.MessagingException: Could not convert socket to TLS 
; 
    nested exception is: 
     javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc 
ol version is not enabled or not supported by the client. 

SSL log

[DEBUG] 2017-06-07 11:27:34.171 [JavaFX Application Thread] ManifestEmailService 
- Load Mail Properties in into Javamail Session 
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.s 
mtp.SMTPTransport,Sun Microsystems, Inc] 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: useEhlo true, useAuth true 
DEBUG SMTP: trying to connect to host "164.39.7.92", port 25, isSSL false 
220 lotus.mail.server ESMTP Service (Lotus Domino Release 8.5.3FP6) read 
y at Wed, 7 Jun 2017 08:27:34 +0100 
DEBUG SMTP: connected to host "smtp.lotus.server.com", port: 25 

EHLO CHOL162 
250-lotus.mail.server Hello CHOL162 ([10.210.136.21]), pleased to meet y 
ou 
250-TLS 
250-HELP 
250-STARTTLS 
250-DSN 
250-SIZE 52428800 
250 PIPELINING 
DEBUG SMTP: Found extension "TLS", arg "" 
DEBUG SMTP: Found extension "HELP", arg "" 
DEBUG SMTP: Found extension "STARTTLS", arg "" 
DEBUG SMTP: Found extension "DSN", arg "" 
DEBUG SMTP: Found extension "SIZE", arg "52428800" 
DEBUG SMTP: Found extension "PIPELINING", arg "" 
STARTTLS 
220 Ready to start TLS 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
EHLO CHOL162 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for T 
LSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS 
v1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TL 
Sv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv 
1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie: GMT: 1496754662 bytes = { 245, 148, 158, 245, 226, 89, 218, 187, 
38, 214, 67, 188, 66, 204, 91, 194, 210, 37, 14, 168, 255, 103, 89, 232, 246, 99 
, 61, 8 } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128 
_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS 
_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI 
TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3D 
ES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_ 
SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ 
DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect28 
3k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension server_name, server_name: [type=host_name (0), value=gbahelbv3.gb.tntp 
ost.com] 
*** 
JavaFX Application Thread, WRITE: TLSv1 Handshake, length = 140 
JavaFX Application Thread, READ: SSLv3 Handshake, length = 58 
*** ServerHello, SSLv3 
RandomCookie: GMT: 1499415798 bytes = { 174, 160, 140, 96, 215, 83, 21, 198, 21 
4, 57, 208, 183, 191, 65, 44, 179, 197, 159, 101, 44, 176, 53, 215, 81, 122, 49, 
174, 189 } 
Session ID: {193, 186, 187, 85, 52, 17, 137, 84, 154, 122, 240, 123, 100, 244, 
27, 22} 
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA 
Compression Method: 0 
*** 
JavaFX Application Thread, handling exception: javax.net.ssl.SSLHandshakeExcepti 
on: Server chose SSLv3, but that protocol version is not enabled or not supporte 
d by the client. 
JavaFX Application Thread, SEND TLSv1.2 ALERT: fatal, description = handshake_f 
ailure 
JavaFX Application Thread, WRITE: TLSv1.2 Alert, length = 2 
JavaFX Application Thread, called closeSocket() 
[ERROR] 2017-06-07 11:27:34.911 [JavaFX Application Thread] ManifestEmailService 
- Mail Message crap!!!javax.mail.MessagingException: Can't send command to SMTP 
host; 
    nested exception is: 
     javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protoc 
ol version is not enabled or not supported by the client. 

Answers

0

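javax.net.ssl.SSLHandshakeException: Server chose SSLv3

This means that you are connecting to a server which is using an obsolete and insecure protocol version of SSL/TLS, i.e. SSL 3.0. For security reasons this protocol is disabled by default in Java 8.

The best way would be to fix the broken server so that it supports newer versions of SSL/TLS. Apart from that, a server which only supports SSL 3.0 is likely not only insecure regarding SSL/TLS but has several other security problems too. If upgrading the server is not possible, see "How to enable SSL 3 in Java" for how to work around this broken server by allowing the insecure SSL 3.0 protocol.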

+0

You can also enable SSLv3 just for this JavaMail session by setting the [`mail.smtp.ssl.protocols`](https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.protocols) property.

+0

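@steffen Thanks for the info. I have no control over the SMTP server, which is managed by some other team. However, there are other Java applications connecting to that SMTP server; I copied the same configuration into my properties file, but it doesn't work. – dimas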

+0

@Bill I did what you suggested, "mail.smtp.ssl.protocols = SSLv3", but it still didn't work. – dimas
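
The handshake in the SSL log fails on the client side, so it helps to check what the JVM that actually runs the application will offer after STARTTLS. The following is an added example, not code from the question or the answers: `TlsProtocolAudit` is a hypothetical class name, and it assumes the application uses the JVM's default `SSLContext`. It reports, per protocol version, whether the provider supports it, whether it is enabled by default and whether `jdk.tls.disabledAlgorithms` names it, then builds JavaMail properties that offer only the TLS versions left over.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLContext;

// Added example: TlsProtocolAudit is a hypothetical class name, not code from the thread.
public class TlsProtocolAudit {

    // True if the jdk.tls.disabledAlgorithms value names the protocol as one of its entries.
    static boolean disabledByPolicy(String policy, String protocol) {
        if (policy == null) return false;
        for (String entry : policy.split(",")) {
            if (entry.trim().equalsIgnoreCase(protocol)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());
        String policy = Security.getProperty("jdk.tls.disabledAlgorithms");

        // java.home shows which JRE (and so which java.security file) is really in use.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("jdk.tls.disabledAlgorithms = " + policy);

        List<String> usableTls = new ArrayList<>();
        for (String p : new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}) {
            boolean blocked = disabledByPolicy(policy, p);
            System.out.printf("%-8s supported=%-5b enabledByDefault=%-5b disabledByPolicy=%b%n",
                    p, supported.contains(p), enabled.contains(p), blocked);
            if (!p.equals("SSLv3") && supported.contains(p) && !blocked) usableTls.add(p);
        }

        // JavaMail session properties that offer only TLS versions and make the
        // connect fail if STARTTLS is unavailable or the command fails.
        Properties mail = new Properties();
        mail.setProperty("mail.smtp.starttls.enable", "true");
        mail.setProperty("mail.smtp.starttls.required", "true");
        mail.setProperty("mail.smtp.ssl.protocols", String.join(" ", usableTls));
        System.out.println("mail.smtp.ssl.protocols = " + mail.getProperty("mail.smtp.ssl.protocols"));
    }
}
```

Run it with the same `java` binary that launches the application; a `java.home` different from the one whose `java.security` file was edited means the edit never reached the running JVM.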