{"id":3111,"date":"2013-08-07T22:24:49","date_gmt":"2013-08-07T22:24:49","guid":{"rendered":"http:\/\/www.gubatron.com\/blog\/?p=3111"},"modified":"2013-08-07T22:26:48","modified_gmt":"2013-08-07T22:26:48","slug":"solved-java7-smtp-issue-caused-by-sun-security-pkcs11-wrapper-pkcs11exception","status":"publish","type":"post","link":"https:\/\/www.gubatron.com\/blog\/solved-java7-smtp-issue-caused-by-sun-security-pkcs11-wrapper-pkcs11exception\/","title":{"rendered":"[SOLVED] Java7 SMTP Issue (Caused by: sun.security.pkcs11.wrapper.PKCS11Exception)"},"content":{"rendered":"<p>So you had your little program that would use AWS to send emails, and all of a sudden after a Java 7 update you get a stack trace like this:<\/p>\n<p>[java]<br \/>\njavax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 465;<br \/>\n  nested exception is:<br \/>\n\tjavax.net.ssl.SSLException: Server key<br \/>\n\tat com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1962)<br \/>\n\tat com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:654)<br \/>\n\tat javax.mail.Service.connect(Service.java:295)<br \/>\n\tat javax.mail.Service.connect(Service.java:176)<br \/>\n\tat javax.mail.Service.connect(Service.java:196)<br \/>\n&#8230;<br \/>\nCaused by: javax.net.ssl.SSLException: Server key<br \/>\n\tat sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1274)<br \/>\n&#8230;<br \/>\nCaused by: java.security.spec.InvalidKeySpecException: Could not create EC public key<br \/>\n\tat sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:169)<br \/>\n\tat java.security.KeyFactory.generatePublic(KeyFactory.java:334)<br \/>\n&#8230;<br \/>\nCaused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID<br \/>\n\tat sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)<br \/>\n\tat sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:233)<br \/>\n[\/java]<\/p>\n<p>It seems like the SSL Socket Factory in Java 7 is missing some of the Ciphers when it comes to setting up SSL socket cipher suits (<a href=\"http:\/\/docs.oracle.com\/javase\/7\/docs\/api\/javax\/net\/ssl\/SSLSocket.html#setEnabledCipherSuites(java.lang.String[])\">see SSLSocket.setEnabledCipherSuites<\/a>)<\/p>\n<p>so&#8230; the question is now,<br \/>\n<strong>how do I tell java mail to use the cipher suit I used to use in java 6?<\/strong><\/p>\n<p>Easy, when you&#8217;re setting up your Session properties, make sure to include the following key:<\/p>\n<p>[java]properties.put(&#8220;mail.smtp.ssl.ciphersuites&#8221;,&#8221;SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV&#8221;);[\/java]<\/p>\n<p>which specifies in a space separated String a list of tokens that represent the cipher suites the SSL sockets will use. At some point that list gets split into a String[] and passed to SSLSocket.setEnabledCipherSuites.<\/p>\n<p>This is how my session properties look like in case you want to know:<\/p>\n<p>[java]<br \/>\n        Properties properties = new Properties();<br \/>\n        properties.put(&#8220;mail.transport.protocol&#8221;, &#8220;smtp&#8221;);<br \/>\n        properties.put(&#8220;mail.smtp.auth&#8221;, true);<br \/>\n        properties.put(&#8220;mail.smtp.ssl.enable&#8221;,true);<br \/>\n        properties.put(&#8220;mail.smtp.port&#8221;, emailSMTPPort);<br \/>\n        properties.put(&#8220;mail.smtp.host&#8221;, emailSMTPHost);<br \/>\n        properties.put(&#8220;mail.smtp.ssl.ciphersuites&#8221;,&#8221;SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV&#8221;);<br \/>\n[\/java]<\/p>\n<p>Cheers, don&#8217;t forget to tip If I saved your ass.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So you had your little program that would use AWS to send emails, and all of a sudden after a Java 7 update you get a stack trace like this: [java] javax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 465; nested exception is: javax.net.ssl.SSLException: Server key at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1962) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:654) at javax.mail.Service.connect(Service.java:295) at javax.mail.Service.connect(Service.java:176) [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[15],"tags":[1301,1156,1302,583,1303,1304,1305],"class_list":["post-3111","post","type-post","status-publish","format-standard","hentry","category-code","tag-amazon-web-services","tag-aws","tag-email","tag-java","tag-java-mail","tag-java7","tag-jdk7"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5Unzf-Ob","jetpack-related-posts":[{"id":4073,"url":"https:\/\/www.gubatron.com\/blog\/remotely-code-signing-windows-apps-using-aws-virtual-servers-and-a-physical-usb-key\/","url_meta":{"origin":3111,"position":0},"title":"Remotely Code Signing Windows Apps Using AWS Virtual Servers and a Physical USB Key","author":"gubatron","date":"April 25, 2024","format":false,"excerpt":"As a developer, you may find yourself in a situation where you need to code sign your Windows applications using a physical USB signing key, but you don't have direct access to a Windows machine. Fortunately, with the power of cloud computing and remote desktop technology, you can set up\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2024\/04\/GMBy5ZwWIAAnizc.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2024\/04\/GMBy5ZwWIAAnizc.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2024\/04\/GMBy5ZwWIAAnizc.jpeg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2024\/04\/GMBy5ZwWIAAnizc.jpeg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2767,"url":"https:\/\/www.gubatron.com\/blog\/ubuntu-packages-for-a-kick-ass-web-server\/","url_meta":{"origin":3111,"position":1},"title":"ubuntu packages for a kick ass web server","author":"gubatron","date":"September 7, 2012","format":false,"excerpt":"Copy and paste the following list on a file, say \"packages.txt\". To install all just do: sudo apt-get install $(cat packages.txt) accountsservice acpid adduser ant ant-optional apache2-utils apparmor apport apport-symptoms apt apt-transport-https apt-utils apt-xapian-index aptitude at base-files base-passwd bash bash-completion bc bind9-host bsdmainutils bsdutils busybox-initramfs busybox-static byobu bzip2 ca-certificates ca-certificates-java\u2026","rel":"","context":"In &quot;Code&quot;","block_context":{"text":"Code","link":"https:\/\/www.gubatron.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2105,"url":"https:\/\/www.gubatron.com\/blog\/jconsole-connection-failed-retry-solved-java-jmx\/","url_meta":{"origin":3111,"position":2},"title":"jconsole: &#8220;Connection Failed: Retry?&#8221; #SOLVED #java #jmx","author":"gubatron","date":"November 21, 2010","format":false,"excerpt":"So you wrote a piece of server software and you found out about JMX and the jconsole tool to remotely monitor all sorts of interesting metrics remotely, all without adding a single line of code to your project. Say you want to run it the simplest way possible with no\u2026","rel":"","context":"In &quot;Code&quot;","block_context":{"text":"Code","link":"https:\/\/www.gubatron.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2010\/11\/jconsole_connection_failed.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3453,"url":"https:\/\/www.gubatron.com\/blog\/command-line-speed-test-see-how-fast-is-your-servers-connection\/","url_meta":{"origin":3111,"position":3},"title":"command line speed test, see how fast is your server&#8217;s connection","author":"gubatron","date":"January 6, 2016","format":false,"excerpt":"Save the following script in a file called speed_test #!\/bin\/bash # Requirements # sudo apt-get install lftp iperf lftp -e 'pget http:\/\/releases.ubuntu.com\/14.04.3\/ubuntu-14.04.3-desktop-amd64.iso; exit; ' make sure the file is executable: sudo chmod +x speed_test Once you have installed lftp and iperf make sure you have the script somewhere in your\u2026","rel":"","context":"In &quot;Code&quot;","block_context":{"text":"Code","link":"https:\/\/www.gubatron.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2016\/01\/Fiber-optics.jpg?fit=892%2C538&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2016\/01\/Fiber-optics.jpg?fit=892%2C538&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2016\/01\/Fiber-optics.jpg?fit=892%2C538&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2016\/01\/Fiber-optics.jpg?fit=892%2C538&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":156,"url":"https:\/\/www.gubatron.com\/blog\/portscanner-only-60-lines-of-code\/","url_meta":{"origin":3111,"position":4},"title":"PortScanner &#8211; Only 60 lines of code","author":"gubatron","date":"May 19, 2005","format":false,"excerpt":"Hi, here's a simple port scanner I wrote today in Java. I needed to see something on my server, perhaps you can find it useful. I would say its pretty fast, you can tweak the number of threads and timeouts to adjust to your server\/connection. I did't do much testing\u2026","rel":"","context":"In &quot;Gubatron&quot;","block_context":{"text":"Gubatron","link":"https:\/\/www.gubatron.com\/blog\/category\/gubatron\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/www.gubatron.com\/blog\/aws-troubleshooting-how-to-fix-a-broken-ebs-volume-bad-superblock-on-xfs\/","url_meta":{"origin":3111,"position":5},"title":"AWS troubleshooting: how to fix a broken EBS volume (bad superblock on xfs)","author":"gubatron","date":"January 19, 2014","format":false,"excerpt":"As great as EBS volumes are on Amazon Web Services, they can break and not ever mount again, even though your data could still be there intact, a simple corruption on the filesystem structure can cause a lot of damage. On this post I teach you how to move all\u2026","rel":"","context":"In &quot;Geeklife&quot;","block_context":{"text":"Geeklife","link":"https:\/\/www.gubatron.com\/blog\/category\/geeklife\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2014\/01\/car-longshot2.jpg?fit=720%2C482&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2014\/01\/car-longshot2.jpg?fit=720%2C482&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2014\/01\/car-longshot2.jpg?fit=720%2C482&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.gubatron.com\/blog\/wp-content\/uploads\/2014\/01\/car-longshot2.jpg?fit=720%2C482&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/posts\/3111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/comments?post=3111"}],"version-history":[{"count":3,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/posts\/3111\/revisions"}],"predecessor-version":[{"id":3114,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/posts\/3111\/revisions\/3114"}],"wp:attachment":[{"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/media?parent=3111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/categories?post=3111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gubatron.com\/blog\/wp-json\/wp\/v2\/tags?post=3111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}