Reply
Explorer
Posts: 8
Registered: ‎07-05-2018

Alert Publisher and SMTPS TLSv1.2

Hello everyone,

 

I have recently tested disabling old TLS protocols in order to try and force the usage of TLSv1.2 in encrypted communications. As per the knowledge base, the procedure involves changing a few settings, one of which, is the jdk.tls.disabledAlgorithms property in the java.security file.

 

When disabling TLSv1, the Alert Publisher fails to send e-mails to the configured mail server and the following message can be seen in the logs:

 

 

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
	at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:503)
	at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:234)
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1672)
	... 34 more

I successfuly connected to the Mail Server with openssl s_client tls1_2. Is this a valid test in this context?

 

I have also tried setting the -Djdk.tls.client.protocols=TLSv1.2 in the Java Configuration Options to no avail. 

 

This is occuring in CM 5.15.1. 

 

Is this expected behaviour from Alert Publisher?

 

Best regards,
Gil Pinheiro.