Articles in this section

See more

javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

Greg Hudson
  • Updated
Follow

Version/Environment (if relevant):

Not version specific

 

Issue:

After specifying new SMTP settings for email notifications in Central Config a customer failed to receive any notifications.   To find more detail we triggered a quick job and tailed the nucleus-dispatcher log.  We found an exception occurring.  The "caused by" provided a clue:

Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:451)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:175)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1418)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1324)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:626)
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:400)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2175)
... 22 common frames omitted

 

 

Root Cause:

javax.net.ssl.SSLException: Unsupported or unrecognized SSL message can occur if protocols are incorrect.   For example if your specify a port that is NOT SSL but you chose settings that trying to connect via SSL, this can occur.  It is the equivalent of trying to browse https protocol on a webserver port that is only listening for http protocol.  

 

Resolution:

You need to correct either the port or the protocol.   Double-check your values forcom.cerebro.domino.email.smtp.ssl and com.cerebro.domino.email.channel and ensure they're aligned with the mailserver's specifications on the port you've designated. 

For example if your mailserver administrator told you to use port 25 then you probably need com.cerebro.domino.email.smtp.ssl=false rather than true since 25 is usually is not SSL-based.

If your mailserver requires TLS then use:
com.cerebro.domino.email.smtp.ssl: false
com.cerebro.domino.email.smtp.channel : starttls
and your port would likely be 587 (but confirm with your mailserver admin).

 

Notes/Information:

Tail dispatcher with timestamps:
kubectl logs deployment.apps/nucleus-dispatcher -n <your namespace> --container=nucleus-frontend --follow --timestamps=true

 

DOMINO SUPPORT Help Center home page

Related articles

Comments

0 comments

Please sign in to leave a comment.