starttls.enabled = true 对于从 Java 代码发送的邮件是否安全?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18333594/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
is starttls.enabled = true is safe for mail sending from java code?
提问by Baurzhan
I'm sending emails from java code.My configuration is
我正在从 java 代码发送电子邮件。我的配置是
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.host", "****");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "587");
On my other questionEJPanswered
Any protocol that uses STARTTLS is in SSL mode after the STARTTLS command is issued
发出 STARTTLS 命令后,任何使用 STARTTLS 的协议都处于 SSL 模式
But my debug output shows:DEBUG SMTP: trying to connect to host "****", port 587, isSSL false.
但是我的调试输出显示:DEBUG SMTP:试图连接到主机“****”,端口 587,isSSL false。
So my question sounds like
所以我的问题听起来像
Is such configuration really safe and uses SSLas EJPsaid despite of isSSL=false on my debug output?
尽管我的调试输出中有 isSSL=false ,但这样的配置真的安全吗并且SSL像EJP所说的那样使用?
UPDATE
更新
connecting code
连接代码
Transport transport = session.getTransport("smtp");
transport.connect("host", 587,"username", "password");
when I wrote Transport transport = session.getTransport("smtps")I got
当我写 Transport transport = session.getTransport("smtps")我得到
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
回答by Ivo Limmen
You should still use the 'smtp' transport as that is the protocol (smtps is not an known protocol). SSL is used for the connection. I myself have used 'javax.mail' in conjunction with Google. Google only allows SSL. So I can only answer yes; it works and it is safe. I should add that the property 'mail.smtp.starttls.enable' is a bit confusing. The startsll property refers to the command that is being issued but it should have been named: 'mail.smtp.secure.enable'.
您仍应使用“smtp”传输,因为这是协议(smtps 不是已知协议)。SSL 用于连接。我自己已经将“javax.mail”与 Google 结合使用。Google 只允许使用 SSL。所以我只能回答是;它有效而且安全。我应该补充一点,属性 'mail.smtp.starttls.enable' 有点令人困惑。startll 属性指的是正在发出的命令,但它应该被命名为:“mail.smtp.secure.enable”。
回答by am5
Set mail.smtp.starttls.required=true This ensures TLS is used or connection won't happen REF: https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html
设置 mail.smtp.starttls.required=true 这确保使用 TLS 或连接不会发生参考:https: //javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary .html
