我正在使用 Ability 邮件服务器 (AMS) 工具来测试我的 SMTP 服务器网络在各种配置(SMTP、带 TLS 的 SMTP、基于 SSL 的 SMTP 等)中的可用性。我的服务器端是用 java 编写的,并使用 SubethaSmtp 库来实现。
在我决定将服务器从 java 6 升级到 java 7 之前,AMS 运行良好并且可以很好地满足我的测试需求。从那时起,我无法使用此实用程序来测试我的 SMTP over SSL 和 SMTP 与 TLS 连接,因为每次尝试我越来越:
Outgoing Route: Relay localhost:40125 rejected connection with
我也写在 java 上的其他集成测试是成功的,但是这个问题仍然困扰着我。我无法找出,有什么不同。
我的 java 6 成功的 SSL 握手调试输出
org.subethamail.smtp.server.Session-/, READ: TLSv1 Handshake, length = 205
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
*** ClientHello, TLSv1
RandomCookie: GMT: 1366202273 bytes = { 29, 88, 44, 226, 58, 30, 188, 76, 46, 113, 18, 193, 226, 156, 129, 241, 160, 23, 39, 190, 177, 37, 141, 173, 175, 6, 125, 195 }
Session ID: {}
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data:
%% Created: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1366202273 bytes = { 239, 167, 83, 82, 189, 146, 43, 152, 2, 25, 247, 132, 153, 169, 208, 74, 207, 219, 235, 179, 154, 225, 199, 147, 238, 91, 114, 53 }
Session ID: {81, 111, 152, 161, 109, 178, 13, 166, 232, 166, 36, 148, 10, 94, 92, 222, 61, 86, 245, 119, 215, 130, 31, 150, 99, 74, 121, 252, 181, 255, 30, 22}
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called closeSocket(selfInitiated)
chain [0] = [
Version: V3
Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
public exponent: 65537
Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
To: Wed Sep 18 11:41:33 GMT+04:00 2013]
Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 6e640d68]
Certificate Extensions: 1
[1]: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07 18 67 A0 BE F0 70 E9 97 ..D......g...p..
0010: D2 D7 1B E3 ....
Algorithm: [SHA256withRSA]
0000: 12 8A E0 40 EB 91 7F 6D A5 06 E8 F8 A2 CD D5 EF ...@...m........
0010: AC E1 3A 95 7C 99 09 D7 04 AA 5E 59 4D FC 45 92 ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17 D4 73 8D B4 D3 BC 8C DD ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA 74 C1 4B 2B 76 98 1A AA ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13 3D 36 97 36 05 7F 31 F1 .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A 60 68 B4 8A ED 94 04 43 h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F E7 24 D5 AE 13 7A CD F2 ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97 7D 10 20 13 A6 B5 83 A5 M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E 67 7C 49 DC 3D 2E 55 24 y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21 1E 5F 2D 9B 75 7A D8 31 s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05 D9 59 86 67 16 E5 AD C1 YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8 70 59 B4 51 D6 3D 16 CE .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7 2F F0 15 1C 12 EE 9F 18 -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A F2 1E E0 C5 BA 28 49 B8 ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA 1E E9 A0 33 D9 23 D5 CF p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24 49 4A CE 2F 92 6D 4D DA ..q.kT.$IJ./.mM.
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base: { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key: { 196, 174, 239, 97, 244, 9, 222, 141, 94, 81, 143, 199, 56, 23, 160, 164, 140, 162, 44, 78, 243, 75, 44, 208, 229, 164, 90, 214, 232, 7, 55, 101, 24, 164, 116, 13, 189, 175, 113, 183, 170, 161, 229, 93, 86, 216, 238, 9, 179, 130, 120, 140, 173, 190, 119, 34, 131, 169, 114, 230, 223, 139, 79, 128, 46, 17, 200, 81, 229, 13, 176, 73, 129, 204, 10, 243, 197, 24, 174, 152, 108, 11, 14, 58, 168, 9, 11, 49, 222, 189, 117, 125, 126, 49, 230, 250 }
Signed with a DSA or RSA public key
*** ServerHelloDone
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Handshake, length = 1570
org.subethamail.smtp.server.Session-/, READ: TLSv1 Handshake, length = 102
*** ClientKeyExchange, DH
DH Public key: { 95, 208, 98, 2, 159, 50, 206, 212, 96, 80, 180, 201, 119, 130, 53, 165, 5, 81, 35, 243, 18, 0, 100, 250, 160, 150, 10, 60, 129, 126, 9, 130, 58, 236, 226, 104, 238, 19, 255, 109, 213, 240, 24, 22, 47, 10, 6, 114, 91, 199, 56, 238, 79, 158, 30, 199, 90, 16, 174, 112, 202, 125, 87, 70, 101, 86, 131, 15, 73, 103, 223, 186, 196, 132, 4, 54, 46, 6, 58, 211, 70, 213, 246, 244, 250, 125, 1, 175, 155, 197, 68, 73, 224, 19, 133, 189 }
PreMaster Secret:
0000: 68 1E 91 97 0A 91 6A E3 B2 41 17 32 41 B9 80 24 h.....j..A.2A..$
0010: 4F C8 84 F2 7F C7 D8 F5 28 BB 84 82 4E C9 C3 53 O.......(...N..S
0020: 0B B8 10 3E 08 0B C0 87 D8 2D FB A1 BA D4 1C FB ...>.....-......
0030: 01 DA 8F F2 10 E0 63 EA BF 41 90 D5 25 1C EC 52 ......c..A..%..R
0040: 00 6A 33 92 C3 84 78 C4 2D 5B 8D 87 9A CE CC E9 .j3...x.-[......
0050: 23 36 49 58 9C 20 20 15 DD 4D AC 01 10 FE D6 DD #6IX. ..M......
Client Nonce:
0000: 51 6F 98 A1 1D 58 2C E2 3A 1E BC 4C 2E 71 12 C1 Qo...X,.:..L.q..
0010: E2 9C 81 F1 A0 17 27 BE B1 25 8D AD AF 06 7D C3 ......'..%......
Server Nonce:
0000: 51 6F 98 A1 EF A7 53 52 BD 92 2B 98 02 19 F7 84 Qo....SR..+.....
0010: 99 A9 D0 4A CF DB EB B3 9A E1 C7 93 EE 5B 72 35 ...J.........[r5
Master Secret:
0000: DD 91 8B 8B 81 B8 DA 9F EC 60 E9 F4 DF 0E C3 27 .........`.....'
0010: F8 BD 3E B1 A7 28 03 FB A7 E7 24 DB D6 80 D5 3F ..>..(....$....?
0020: 8C 90 F0 EF 31 65 51 03 20 CB CA 12 D8 0A 05 AB ....1eQ. .......
Client MAC write Secret:
0000: F2 6C AE B6 C0 3B 2D D7 8E 7C D7 00 6A 3B 80 D3 .l...;-.....j;..
0010: 16 73 B2 57 .s.W
Server MAC write Secret:
0000: 69 2C A7 C1 32 B9 D3 3A FD 30 15 F0 78 4E DE 76 i,..2..:.0..xN.v
0010: 6B F2 EE F2 k...
Client write key:
0000: C3 33 CC EC 07 6C 4F 51 1C B6 14 74 29 6C 82 59 .3...lOQ...t)l.Y
0010: 02 1D A1 99 EA 4A 10 45 .....J.E
Server write key:
0000: 4B 6F 90 B3 C3 C0 00 35 EA DF 0F C7 7F 2D 77 3A Ko.....5.....-w:
0010: 12 C8 34 C9 8B 6E E6 7E ..4..n..
Client write IV:
0000: C2 23 F2 38 C0 E2 46 99 .#.8..F.
Server write IV:
0000: 08 CC 53 9B 23 D6 23 6B ..S.#.#k
org.subethamail.smtp.server.Session-/, READ: TLSv1 Change Cipher Spec, length = 1
org.subethamail.smtp.server.Session-/, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data: { 76, 73, 162, 146, 43, 189, 56, 224, 219, 30, 197, 162 }
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 253, 203, 94, 73, 30, 8, 230, 39, 100, 105, 142, 219 }
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/, READ: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/, READ: TLSv1 Application Data, length = 48
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/, READ: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/, RECV TLSv1 ALERT: warning, close_notify
org.subethamail.smtp.server.Session-/, called closeInternal(false)
org.subethamail.smtp.server.Session-/, SEND TLSv1 ALERT: warning, description = close_notify
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/, called closeSocket(selfInitiated)
org.subethamail.smtp.server.Session-/, called close()
org.subethamail.smtp.server.Session-/, called closeInternal(true)
org.subethamail.smtp.server.Session-/, called close()
org.subethamail.smtp.server.Session-/, called closeInternal(true)
我的 java 7 总是失败 SSL 握手调试输出
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/, READ: TLSv1 Handshake, length = 205
*** ClientHello, TLSv1
RandomCookie: GMT: 1366202735 bytes = { 148, 248, 66, 243, 154, 205, 184, 147, 105, 230, 198, 110, 97, 132, 40, 233, 246, 125, 120, 183, 97, 219, 182, 40, 20, 87, 103, 53 }
Session ID: {}
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data:
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server_certificate
%% Negotiating: [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1366202735 bytes = { 218, 177, 74, 98, 93, 153, 110, 141, 95, 69, 218, 102, 107, 215, 209, 26, 0, 157, 60, 33, 94, 70, 40, 77, 46, 103, 173, 224 }
Session ID: {81, 111, 153, 111, 235, 17, 119, 190, 82, 45, 15, 130, 77, 69, 37, 136, 91, 110, 135, 121, 204, 13, 56, 171, 101, 52, 110, 122, 85, 126, 15, 109}
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
public exponent: 65537
Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
To: Wed Sep 18 11:41:33 GMT+04:00 2013]
Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 6e640d68]
Certificate Extensions: 1
[1]: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07 18 67 A0 BE F0 70 E9 97 ..D......g...p..
0010: D2 D7 1B E3 ....
Algorithm: [SHA256withRSA]
0000: 12 8A E0 40 EB 91 7F 6D A5 06 E8 F8 A2 CD D5 EF ...@...m........
0010: AC E1 3A 95 7C 99 09 D7 04 AA 5E 59 4D FC 45 92 ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17 D4 73 8D B4 D3 BC 8C DD ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA 74 C1 4B 2B 76 98 1A AA ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13 3D 36 97 36 05 7F 31 F1 .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A 60 68 B4 8A ED 94 04 43 h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F E7 24 D5 AE 13 7A CD F2 ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97 7D 10 20 13 A6 B5 83 A5 M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E 67 7C 49 DC 3D 2E 55 24 y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21 1E 5F 2D 9B 75 7A D8 31 s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05 D9 59 86 67 16 E5 AD C1 YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8 70 59 B4 51 D6 3D 16 CE .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7 2F F0 15 1C 12 EE 9F 18 -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A F2 1E E0 C5 BA 28 49 B8 ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA 1E E9 A0 33 D9 23 D5 CF p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24 49 4A CE 2F 92 6D 4D DA ..q.kT.$IJ./.mM.
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 163 bits
public x coord: 9136528840887878846890758313033245846487987894913
public y coord: 10222364285200404385822101945158338799500469323918
parameters: sect163k1 [NIST K-163] (
*** ServerHelloDone
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Handshake, length = 1323
org.subethamail.smtp.server.Session-/, received EOFException: error
org.subethamail.smtp.server.Session-/, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/, SEND TLSv1 ALERT: fatal, description = handshake_failure
org.subethamail.smtp.server.Session-/, WRITE: TLSv1 Alert, length = 2
org.subethamail.smtp.server.Session-/, called closeSocket()
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/, called close()
org.subethamail.smtp.server.Session-/, called closeInternal(true)
org.subethamail.smtp.server.Session-/, called close()
org.subethamail.smtp.server.Session-/, called closeInternal(true)
我的 SMTP over SSL 服务器实现
private static class SmtpServer extends SMTPServer {
private SSLContext context;
protected SmtpServer(MessageHandlerFactory factory, SSLContext context) {
this.context = context;
public SSLSocket createSSLSocket(Socket socket) throws IOException {
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
SSLSocketFactory sf = context.getSocketFactory();
SSLSocket s = (SSLSocket) sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true);
// we are the server
return s;
实施与以往没有任何区别。唯一的区别是 JDK 的版本。