I have to read some emails in inbox from an email account. I need the TLSv1.2 like system update and when I send an email I can correctly do this but this methodology does not work when I have to read from the inbox folder.
Following my java code about connection preparation:
props.put("mail.pop3.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
props.put("mail.pop3.socketFactory.port", Integer.valueOf(extProperties.getPortInbox().trim()));
props.put("mail.pop3.ssl.protocols", "TLSv1.2");
props.put("mail.pop3.starttls.enable", Boolean.TRUE);
props.put("mail.pop3.ssl.enable", Boolean.FALSE);
props.put("mail.mime.multipart.ignoreexistingboundaryparameter", Boolean.TRUE);
props.put("mail.mime.parameters.strict", Boolean.FALSE);
the params that I have are:
Protocol Type: POP3
Inbox server: (my server url)
Port: 995
I have this errors when I try to connect and read from the inbox folder:
...
(SimpleAsyncTaskExecutor-1) SimpleAsyncTaskExecutor-1, received EOFException: error
(SimpleAsyncTaskExecutor-1) SimpleAsyncTaskExecutor-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
(SimpleAsyncTaskExecutor-1) SimpleAsyncTaskExecutor-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
(SimpleAsyncTaskExecutor-1) SimpleAsyncTaskExecutor-1, WRITE: TLSv1 Alert, length = 2
(SimpleAsyncTaskExecutor-1) SimpleAsyncTaskExecutor-1, called closeSocket()
...
In the log above, we can see the handshake error and the tlsv1 instead of the tlsv1.2 that I have setted.
How can I solve my problem? I have tried many ways found on stakoverflow/internet but I didn't resolve my problem and now I have no idea about the next step to do.
Thank you for the help
Related
I made a rdp protocol
so I used TLSv1.2 protocol.
but I had a problem with TLSv1.2
when I send packet to window server(RDP), do i make a certification?
or just use rdp certification?
[
but finally they had a issue about alert(21)
I don't know what's wrong with it....
and i enrolled window rdp certification in cacerts.
On server I've got a certificate which I am using to connect to other webservice.
Certificate is correctly installed on server, because when I am using curl to make a request, everything works fine. The problem is when I am using rest request through my webservice in Spring.
I've got exception:
handling exception: javax.net.ssl.SSLHandshakeException:
I was trying changing tls protocols and it didn't help.
What may cause the problem?
There is a code of a debugger:
https-jsse-nio-8080-exec-4, WRITE: TLSv1 Handshake, length = 120
https-jsse-nio-8080-exec-4, received EOFException: error
https-jsse-nio-8080-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
https-jsse-nio-8080-exec-4, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
https-jsse-nio-8080-exec-4, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-8080-exec-4, called closeSocket()
https-jsse-nio-8080-exec-4, called close()
https-jsse-nio-8080-exec-4, called closeInternal(true)
Java 7u9
Error msg in title is: "fatal error: 80: problem unwrapping net record". SO wouldn't let me put "problem" in the title.
I am building a Java HTTPS client against Netty. The SSL handshake was working until I added added the "HTTPS" endpoint identification algorithm to enable server hostname verification:
SSLEngine engine = tcpHelper.getSSLContext().createSSLEngine();
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
engine.setSSLParameters(sslParameters);
engine.setUseClientMode(true);
After adding the algorithm, the SSL handshake hangs and the connection eventually times out. With SSL debugging enabled (javax.net.debug=all), I can see that the handshake now fails after ServerHello, after the server sends it's cert chain, after
*** ServerHelloDone
1761586552#qtp-1653588482-2, WRITE: TLSv1.2 Handshake, length = 3294
on the server. The client receives and displays the cert chain, and then fails with:
New I/O worker #3, fatal error: 80: problem unwrapping net record
java.lang.RuntimeException: Delegated task threw Exception/Error
%% Invalidated: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256]
New I/O worker #3, SEND TLSv1.2 ALERT: fatal, description = internal_error
New I/O worker #3, WRITE: TLSv1.2 Alert, length = 2
Java 7u9
First, thanks to Bruno for his help on this related question which lead me to final answer.
Answering my own question. Hard won knowledge.
The solution is to add the host and port of the request target to the constructor when you create the SSL Engine:
SSLEngine engine = tcpHelper.getSSLContext().createSSLEngine(targetHost, targetPort);
Without this, Java will ultimately throw a NullPointerException way down deep in the SSL libs (IPAddressUtil.textToNumericFormatV4), which results in the not-very-helpful error message in the SSL debug output.
I am trying to get mutual SSL working from a Java client. My soapUI configuration works where I have specified keystore and truststore in WS-security configurations.
When I do the same with a Java client with the following system params
System.setProperty("javax.net.ssl.keyStore", "D:\\certs\\client_keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.debug", "all");
System.setProperty("javax.net.ssl.trustStore", "D:\\certs\\truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "trustpass");
I get this error
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
Padded plaintext before ENCRYPTION: len = 18
I have enabled this: System.setProperty("javax.net.debug", "all");
From the debug logs I see this:
*** Certificate chain
***
How do I debug this issue?
I'm using:
not-yet-commons-ssl-0.3.9.jar
opensaml-2.3.1.jar
I'm getting the following error in my logs:
SSLException: Received fatal alert: unexpected_message
Turning on SSLDebug gives the following:
TP-Processor2, READ: TLSv1 Alert, length = 2
TP-Processor2, RECV TLSv1 ALERT: fatal, unexpected_message
TP-Processor2, called closeSocket()
TP-Processor2, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
%% Client cached [Session-40, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-40, SSL_RSA_WITH_RC4_128_MD5] from port 2903
*** ClientHello, TLSv1
The behaviour is that SSL connections work for five minutes - and then they fail with the message above. My guess is that this is an SSL session cache issue.
Has anyone resolved this?
So it turned out that bouncy-castle (a jar dependency of opensaml) adds a bunch of extra ciphers into the SSL negotiation. The TIBCO server has a spew at these extra ciphers. Rolling back the Bouncy Castle Jar to 1.3.5 (pre-elliptic SLL Ciphers) solved this issue.