Cannot send emails from tomcat application
I'm having some trouble with our servers. We run Ubuntu 18.04 as a VM on VMware ESXi 6.5, with a pfSense firewall as another VM, and we have multiple Tomcat instances running with no problem.
In the last few days, out of nowhere, the Java application stopped sending emails and started returning "COULD NOT CONVERT SOCKET TO TLS". I tried to replicate it on another VMware server of mine, hosted at home, with the same structure, and it had the same problem.
Someone told me it could be the cacerts from Java. Tried to apply update-ca-certificates, and update-ca-certificates. On my home server it worked, and all emails were sent with no problem, but when I applied this on my production VMware server (hosted on IBM bare metal) it didn't work.
The most unusual part is that it happens with any SMTP server (Gmail and others). We use all emails with TLS and port 587.
Any ideas to solve this kind of problem, or any workaround?
Thanks
The problem was with the latest versions of Java.
I had installed OpenJDK 1.8.0_292, which, since _291, doesn't allow TLS 1.0 and 1.1, the protocols that Gmail has by default until today.
So, to be able to solve my problem without installing another version of Java, I edited the file
/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
And commented out this part:
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
#DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#include jdk.disabled.namedCurves
And added this part right after:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
As you can see, Java had explicitly disabled some protocols, returning the COULD NOT CONVERT SOCKET TO TLS error. Hope this helps others who may find that problem.
PS: This is not right at all, it just worked for me so we could work while we find another alternative. Here in Brazil we use some SMTP servers that didn't upgrade to v1.3 yet.
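Because the workaround above weakens TLS for every application on that JVM and is easy to forget, it helps to be able to find hosts where it is still in place. The following is an added example, not part of the original post: a small audit that reads a java.security file, resolves the effective jdk.tls.disabledAlgorithms value (skipping commented lines and joining backslash continuations) and reports which legacy protocols are no longer disabled. The function names and the two sample strings are hypothetical and constructed from the two states shown in the answer.

```python
# Added example: audit a java.security file for re-enabled legacy TLS.
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")
KEY = "jdk.tls.disabledAlgorithms"

def effective_value(text, key=KEY):
    """Last uncommented assignment of key, with backslash continuations joined."""
    value = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if line.startswith(("#", "!")):
            continue  # comment lines never continue, even if they end in "\"
        name, sep, rest = line.partition("=")
        if not sep or name.strip() != key:
            continue
        parts = []
        while rest.rstrip().endswith("\\"):
            parts.append(rest.rstrip()[:-1])
            rest = next(lines, "").strip()
        parts.append(rest)
        value = "".join(parts)  # a later assignment replaces an earlier one
    return value

def reenabled_legacy(text):
    """Legacy protocol names that the file no longer disables."""
    value = effective_value(text) or ""
    disabled = {tok.strip() for tok in value.split(",")}
    return [p for p in LEGACY if p not in disabled]

# Constructed samples modelled on the two states shown in the answer.
STOCK = """\
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""
EDITED = """\
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
#DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
#include jdk.disabled.namedCurves
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
include jdk.disabled.namedCurves
"""

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, reenabled_legacy(fh.read()) or "legacy TLS still disabled")
```

Run it with one or more java.security paths as arguments. A file supplied through the java.security.properties system property can override this value, so the JVM launch arguments are worth checking as well.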