search

mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at
http://davmail.sourceforge.net
GNU General Public License v2.0
558 stars 82 forks source link

SSL handshake throwing "No common named group" exception #361

Open hudcap opened 5 days ago

hudcap commented 5 days ago

First of all, thank you for this awesome software!

I'm running DavMail in server mode with SSL on Windows 11, using the standalone davmail version that comes with Java Everything worked fine in 6.2.1-3496 Upgraded to 6.2.2-3546, and now when Gmail fetches via POP, Java throws a "No common named group" exception It works fine when I test the connection from Python

Error log:


2024-07-03 09:59:07,566 INFO  [main] davmail  - DavMail Gateway 6.2.2-3546 listening on SMTP port 465 POP port 1110
2024-07-03 09:59:07,790 DEBUG [CheckRelease] davmail.http.HttpClientAdapter  - GET https://davmail.sourceforge.net/version.txt
2024-07-03 09:59:07,873 DEBUG [CheckRelease] davmail.http.DavGatewaySSLSocketFactory  - createSocket davmail.sourceforge.net 443
2024-07-03 09:59:08,226 DEBUG [CheckRelease] davmail.DavGateway  - DavMail released version: 6.2.2-3546
2024-07-03 09:59:30,613 DEBUG [davmail.pop.PopServer] davmail  - Connection from /*** on port 1110
2024-07-03 09:59:30,616 INFO  [davmail.pop.PopServer] davmail.connection  - CONNECT - ***
2024-07-03 09:59:30,670 DEBUG [PopConnection-***] davmail.http.DavGatewaySSLSocketFactory  - createSocket outlook.office365.com 443
2024-07-03 09:59:30,771 DEBUG [PopConnection-***] davmail.exchange.ExchangeSession  - Test configuration status: 401
2024-07-03 09:59:30,780 DEBUG [PopConnection-***] davmail  - > +OK DavMail 6.2.2-3546 POP ready at Wed Jul 03 09:59:30 EDT 2024
2024-07-03 09:59:30,789 ERROR [PopConnection-***] davmail  - No common named group
javax.net.ssl.SSLProtocolException: No common named group
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.KeyShareExtension$HRRKeyShareProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtension.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtensions.produce(Unknown Source)
        at java.base/sun.security.ssl.ServerHello$T13HelloRetryRequestProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goHelloRetryRequest(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flush(Unknown Source)
        at davmail.AbstractConnection.sendClient(AbstractConnection.java:186)
        at davmail.pop.PopConnection.sendOK(PopConnection.java:289)
        at davmail.pop.PopConnection.run(PopConnection.java:99)
2024-07-03 09:59:30,796 DEBUG [PopConnection-***] davmail  - > -ERR No common named group
2024-07-03 09:59:30,801 DEBUG [PopConnection-***] davmail  - Exception sending error to client Connection or outbound has closed
java.net.SocketException: Connection or outbound has closed
        at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flush(Unknown Source)
        at davmail.AbstractConnection.sendClient(AbstractConnection.java:186)
        at davmail.pop.PopConnection.sendERR(PopConnection.java:301)
        at davmail.pop.PopConnection.run(PopConnection.java:278)
2024-07-03 09:59:30,802 INFO  [PopConnection-***] davmail.connection  - DISCONNECT - ***```
esabol commented 5 days ago

My web searching says this error is due to a bug in Java 11.0.11 or a specific version of OpenJDK. What version of Java are you using? Which JDK? The solution might be to upgrade either or both.

https://bugs.openjdk.org/browse/JDK-8242565 https://stackoverflow.com/questions/68380510/java-11-0-11-ssl-handshake-fails-with-exception-no-common-named-group

hudcap commented 5 days ago

Thanks, I found that, but I'm using the standalone version of davmail, so I believe it's whatever Java comes packaged with davmail. Also, when I restore the previous version into my active folder, everything works fine again, which shouldn't be the case if it was picking up some other Java on the system (which shouldn't exist, to my knowledge).

The reference bug seems to have been resolved a few years ago, so it's strange that a recent update would introduce it. Unless the bug was reintroduced to a new version of Java. I tried figuring out what changed in between versions, but couldn't make heads or tails of it.

esabol commented 5 days ago

Standalone version of DavMail? What do you mean?

hudcap commented 5 days ago

https://sourceforge.net/projects/davmail/files/davmail/6.2.2/davmail-6.2.2-3546-windows-standalone.zip/download I guess I should add this to the original post

esabol commented 5 days ago

Ah, I don't use Windows. On Linux and the Mac (I think), you have to install Java separately to use DavMail. Maybe the standalone version for Windows just needs to include a newer version of Java or OpenJDK, but I don't know how that's packaged.

hudcap commented 5 days ago

Interesting. I'll try installing OpenJDK on the system and use the non-standalone version to see if that resolves the issue. Thanks! I'll leave the issue open, since I believe it's still a bug.

hudcap commented 5 days ago

Yup, that fixed it, thanks! Had to follow this to get davmail to find the jvm.dll, but all is good now.