java - 即使我已经添加了证书，如何修复 javax.net.ssl.SSLHandshakeException

Question

我正在编写一个脚本来控制我的灯光，因为我很懒，所以通过电子邮件进行通信(我知道它运行得相当快，因为​​它曾经在 python 上运行，但由于某些单独的原因，我正在用 java 编写它)知道问题是我不断收到 javax.net.ssl.SSLHandshakeException 错误，我尝试了此 overflow page但即使我添加了受信任的证书，它也不起作用，并且我不断收到相同的错误，以下是我的代码、完整的错误和显示我已添加证书的图片

import java.util.Properties;

import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.NoSuchProviderException;
import javax.mail.Session;
import javax.mail.Store;

public class test {

    public static void check(String host, String storeType, String user,
                             String password)
    {
        try {

            //create properties field
            Properties properties = new Properties();

            properties.put("mail.pop3.host", host);
            properties.put("mail.pop3.port", "995");
            properties.put("mail.pop3.starttls.enable", "true");
            Session emailSession = Session.getDefaultInstance(properties);

            //create the POP3 store object and connect with the pop server
            Store store = emailSession.getStore("pop3s");

            store.connect(host, user, password);

            //create the folder object and open it
            Folder emailFolder = store.getFolder("INBOX");
            emailFolder.open(Folder.READ_ONLY);

            // retrieve the messages from the folder in an array and print it
            Message[] messages = emailFolder.getMessages();
            System.out.println("messages.length---" + messages.length);

            for (int i = 0, n = messages.length; i < n; i++) {
                Message message = messages[i];
                System.out.println("---------------------------------");
                System.out.println("Email Number " + (i + 1));
                System.out.println("Subject: " + message.getSubject());
                System.out.println("From: " + message.getFrom()[0]);
                System.out.println("Text: " + message.getContent().toString());

            }

            //close the store and folder objects
            emailFolder.close(false);
            store.close();

        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } catch (MessagingException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {

        String host = "pop.gmail.com";// change accordingly
        String mailStoreType = "pop3";
        String username = "EMAIL";// change accordingly
        String password = "PASSWORD";// change accordingly

        check(host, mailStoreType, username, password);
    
        }

}

错误

javax.mail.MessagingException: Connect failed;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:160)
    at javax.mail.Service.connect(Service.java:291)
    at javax.mail.Service.connect(Service.java:172)
    at test.check(test.java:28)
    at test.main(test.java:68)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:172)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:434)
    at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:904)
    at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:995)
    at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
    at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:263)
    at java.base/java.io.DataInputStream.readLine(DataInputStream.java:519)
    at com.sun.mail.pop3.Protocol.simpleCommand(Protocol.java:359)
    at com.sun.mail.pop3.Protocol.<init>(Protocol.java:101)
    at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:213)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:156)
    ... 4 more

Process finished with exit code 0

Java.安全性

这是删除 TLS1 并保留 TSL 1.1 时出现的错误

Exception in thread "main" java.lang.NoClassDefFoundError: javax/activation/DataSource
    at com.sun.mail.pop3.POP3Folder.createMessage(POP3Folder.java:326)
    at com.sun.mail.pop3.POP3Folder.getMessage(POP3Folder.java:307)
    at javax.mail.Folder.getMessages(Folder.java:943)
    at test.check(test.java:35)
    at test.main(test.java:68)
Caused by: java.lang.ClassNotFoundException: javax.activation.DataSource
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:636)
    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:182)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:519)
    ... 5 more

Answer 1

根据日志，此阶段的问题与客户端缺少验证服务器身份所需的证书无关。在您的情况下，SSL握手过程中需要协议(protocol)或密码套件不匹配的问题。

No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

据我所知，您使用的是最新版本的 java，其中对旧版本 TLS 协议(protocol)(例如 TLSv1 和 TLSv1.1)的支持已被禁用默认情况下，因此您可以通过从 java.security 配置文件中的 jdk.tls.disabledAlgorithms 安全属性中删除禁用的来启用它们。

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

对于旧版本的 Java，可以在以下位置找到安全文件: JAVA_HOME/jre/lib/security/java.security

特定于较新版本和 Java 16

JAVA_HOME/conf/security