Hey there, let’s tackle this TLS handshake issue you’re running into—it’s a common problem when JDK security settings or outdated libraries clash with modern mail server requirements. Since you’ve tried multiple mail providers and still see the same error, the issue is almost certainly on your local Java environment side, not the servers.

Root Cause #

The error javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) typically happens because:

• Your JDK has disabled the TLS protocol versions that modern mail servers require (most use TLS 1.2 or 1.3)
• Your JavaMail library is outdated and doesn’t support newer TLS protocols
• The cipher suites supported by your JDK don’t match what the mail servers accept

Step-by-Step Solutions #

1. Explicitly Specify TLS Protocol Version in Your Code

Add this property to your mail configuration to force using a widely supported TLS version (TLS 1.2 works with all major mail providers):

props.put("mail.smtp.ssl.protocols", "TLSv1.2");
// If your mail server supports it, you can also try TLS 1.3:
// props.put("mail.smtp.ssl.protocols", "TLSv1.3");

This overrides the default protocol selection and ensures your code uses a version that isn’t disabled in your JDK.

2. Update Your JavaMail Library

Older versions of JavaMail (javax.mail/jakarta.mail) may not properly handle modern TLS configurations. Upgrade to the latest compatible version:

• For Java 11+ (Jakarta Mail):

  <dependency>
      <groupId>com.sun.mail</groupId>
      <artifactId>jakarta.mail</artifactId>
      <version>2.1.0</version>
  </dependency>
  

• For Java 8 (Legacy javax.mail):

  <dependency>
      <groupId>javax.mail</groupId>
      <artifactId>mail</artifactId>
      <version>1.6.2</version>
  </dependency>
  

Updating often fixes protocol negotiation issues out of the box.

3. Adjust JDK Security Configuration

If the first two steps don’t work, check your JDK’s security settings to make sure the required TLS protocol isn’t disabled:

1. Locate the java.security file in your JDK installation:
   • JDK 8: <JDK_HOME>/jre/lib/security/java.security
   • JDK 9+: <JDK_HOME>/conf/security/java.security
2. Find the line starting with jdk.tls.disabledAlgorithms
3. Remove TLSv1.2 (or TLSv1.3 if needed) from the disabled list. For example:

   # Before (might have TLSv1.2 disabled)
   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, TLSv1.2
   
   # After (enable TLSv1.2)
   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1
   

4. Save the file and restart your application.

4. Verify Your JDK's Supported TLS Protocols

To confirm which protocols your JDK allows, run this quick test class:

import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

public class TLSProtocolChecker {
    public static void main(String[] args) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        
        System.out.println("Supported TLS Protocols:");
        Arrays.stream(factory.getSupportedProtocols())
              .filter(protocol -> protocol.startsWith("TLS"))
              .forEach(System.out::println);
        
        System.out.println("\nEnabled Cipher Suites:");
        Arrays.stream(factory.getDefaultCipherSuites())
              .forEach(System.out::println);
    }
}

If TLSv1.2 or TLSv1.3 don’t appear in the supported list, you’ll need to adjust the JDK security settings as described in step 3.

Final Notes #

Since the issue occurs across multiple mail servers, focusing on your local Java environment (protocol settings, library versions) will resolve the problem. Start with step 1 (explicit protocol setting) as it’s the easiest and least intrusive fix.

内容的提问来源于stack exchange，提问作者Fabian Schmitz