Trouble using StartTLS #155

Closed
David-USC opened this issue Apr 24, 2023 · 5 comments

@David-USC

I need to use StartTLS so I configure requireTLS to true but I have this issue and I don't know how to solve it!

```
2023-04-24T14:59:21.757+02:00 WARN 8440 --- [127.0.0.1:51328] d.g.f.smtp.command.StartTLSCommand : startTLS() failed:

javax.net.ssl.SSLHandshakeException: No available authentication scheme
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) ~[na:na]
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) ~[na:na]
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) ~[na:na]
    at de.gessnerfl.fakesmtp.smtp.command.StartTLSCommand.execute(StartTLSCommand.java:43) ~[classes!/:2.0.1]
    at de.gessnerfl.fakesmtp.smtp.command.CommandHandler.handleCommand(CommandHandler.java:18) ~[classes!/:2.0.1]
    at de.gessnerfl.fakesmtp.smtp.server.Session.onCommandLoop(Session.java:224) ~[classes!/:2.0.1]
    at de.gessnerfl.fakesmtp.smtp.server.Session.runCommandLoop(Session.java:215) ~[classes!/:2.0.1]
    at de.gessnerfl.fakesmtp.smtp.server.Session.run(Session.java:147) ~[classes!/:2.0.1]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
```

@gessnerfl
Owner

@David-USC to be honest, TLS support is not tested so far. It is supported by https://github.com/voodoodyne/subethasmtp. subethasmtp was the foundation of the application before version 2.x. With version 2.x I had to include the library to port it to Jakarta EE.
This blog might help with the configuration https://blog.trifork.com/2009/11/10/securing-connections-with-tls/. Contribution would be much appreciated.

@ph1823

ph1823 commented Apr 12, 2024

> @David-USC to be honest, TLS support is not tested so far. It is supported by https://github.com/voodoodyne/subethasmtp. subethasmtp was the foundation of the application before version 2.x. With version 2.x I had to include the library to port it to Jakarta EE. This blog might help with the configuration https://blog.trifork.com/2009/11/10/securing-connections-with-tls/. Contribution would be much appreciated.

Do we need to modify the code to configure the key file? (new link: https://trifork.nl/blog/securing-connections-with-tls/) Because I don't see TLS config in your README.

@gessnerfl
Owner

@David-USC I released version 2.3.0 which comes with improved TLS support. See also https://github.com/gessnerfl/fake-smtp-server#tls. I hope this helps

@sympati

sympati commented Jun 28, 2024

@gessnerfl Thank you for fake-smtp-server! It is really handy.

I tried the latest 2.3.0 release as I also need to test with a TLS connection.

I am using the application.yaml file with the settings from the README page as is, adding the following section:

```yaml
  authentication:
    username: myuser
    password: mysecretpassword

  requireTLS: true
  tlsKeystore:
    location: ./as2_certs.p12
    password: testas2
    type: PKCS12
```

The as2_certs.p12 keystore comes from the example keystore provided by OpenAS2.

Both application.yaml and the keystore are in the same directory as fake-smtp-server-2.3.9.jar. I also tried an absolute path to the keystore in the settings. I also tried using my own keystore generated with KeyStore Explorer.

Unfortunately I am getting the following error and I have no idea on how to debug it:

```
SMTP server
2024-06-28T17:48:40.929+02:00 INFO 13348 --- [ main] d.g.f.config.BaseSmtpServerConfig : Setup TLS keystore of SMTP server
2024-06-28T17:48:40.935+02:00 WARN 13348 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'smtpServer' defined in class path resource [de/gessnerfl/fakesmtp/config/BaseSmtpServerConfig.class]: Failed to instantiate [de.gessnerfl.fakesmtp.smtp.server.SmtpServer]: Factory method 'smtpServer' threw exception with message: Failed to setup TLS keystore of SMTP server
```

Any help would be appreciated.

Thanks

@gessnerfl
Owner

@sympati I think you already fixed this issue with the file:// uri prefix. Hence, I'm closing the ticket. Please reopen the ticket if you still face issues with the TLS connection settings
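
Added example, not part of the thread or of fake-smtp-server: a stand-alone Java check for a PKCS12 keystore such as the one configured under `tlsKeystore` above. The first trace fails while the server is producing its certificate (`CertificateMessage$T13CertificateProducer`), so the check confirms that the file loads with the given password, holds a private key entry with an X.509 certificate, and is accepted by a JSSE `KeyManagerFactory`; the class name `KeystoreCheck` and its command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.KeyManagerFactory;

// Added diagnostic; not part of fake-smtp-server. Class name and arguments are assumptions.
// Run with: java KeystoreCheck.java <keystore.p12> <password>
public class KeystoreCheck {

    /** Returns how many entries in the PKCS12 file could serve as a TLS server identity. */
    static int usableServerEntries(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // IOException here: wrong password, wrong type or unreadable file
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                System.out.println(alias + ": no private key, cannot be a server identity");
                continue;
            }
            Certificate leaf = ks.getCertificate(alias);
            if (!(leaf instanceof X509Certificate)) {
                System.out.println(alias + ": private key without an X.509 certificate");
                continue;
            }
            X509Certificate cert = (X509Certificate) leaf;
            Date now = new Date();
            boolean current = !now.before(cert.getNotBefore()) && !now.after(cert.getNotAfter());
            System.out.printf("%s: %s key, subject=%s, notAfter=%s, currently valid=%b%n",
                    alias, cert.getPublicKey().getAlgorithm(),
                    cert.getSubjectX500Principal(), cert.getNotAfter(), current);
            if (current) usable++; // expired or not-yet-valid certificates are reported, not counted
        }
        // Standard JSSE key manager setup; a key protected by a password different
        // from the store password fails here with UnrecoverableKeyException.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        return usable;
    }

    public static void main(String[] args) throws Exception {
        int usable = usableServerEntries(Path.of(args[0]), args[1].toCharArray());
        System.out.println(usable + " usable server key entries");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```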
