CF2021 email setting issue

Report · Jan 27, 2022

Hi all,

I just upgraded our CF2018 to CF2021 on the same machine.

CF2021 works as the webpages are loading. However, <cfmail> is not sending email out.

When I tried to send an email out using <cfmail>, the email in in the "Undeliver" folder.

From coldfusion-out.log

Jan 27, 2022 17:39:04 PM Error [scheduler-0] - javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

From Mail.log

"Error","scheduler-0","01/27/22","17:39:04","","javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)"

I compared my settings in CF2021 with CF2018 and they are the same.

I am sure the password used in CF2021 is correct. If it is not, the error should be about "Authentication unsuccessful" in the Mail.log

JVM is 11.0.12 in CF2021, just like in my CF2018 install.

Any idea how to fix?

Thanks.

Dchan

Report · Jan 27, 2022

Dchan, this problem has happened over the years, and folks have solved it various ways. Consider the following. Some are easier than others. Best to try one at a time, to find what fixes this. (Even better would be to try ONLY one at a time, undoing it if it doesn't work, before trying the next you'd choose.)

Sometimes it's solved by updating Java. Fwiw, your 11.0.12 is fairly updated, though the latest is 11.0.14, from last week
Sometimes it's solved by updating cf. You don't say what Cf2021 update you're on. The latest is 3, from last month
Sometimes it's about an anti-virus running on the cf server. Is there any? If so, what one? Can you try disabling it momentarily to see if mail goes out then? If so, consider adding cf as an exception for the a/v
Sometimes it's about your OS. What is running your cf server, and what update level? While you may not feel you can update it, hearing what it is might help understand the problem
Finally, the problem may be solved by a JVM arg:

-Dmail.smtp.ssl.protocols=TLSv1.2

There is still more analysis that COULD be done by enabling tls connection debugging in the jvm, but its resulting log entries can be quite challenging to sort through, especially in a busy prod server. Consider the other options above, either because they're easier or have longer-term benefits for you.

Let us know how it goes.

PS You don't have to go all this alone. There are consultants like myself who can help you remotely, quickly. But I realize some feel it's too difficult to arrange in their org. Just consider that the time may fit under the level of a departmental credit card, which may require far lower effort to get approved.

/Charlie (troubleshooter, carehart.org)

Report · Jan 27, 2022

Hi @Charlie Arehart ,

My CF2018 had update 13 on it. My CF2021 has no updates to Core package.

Both CF2018 and CF2021 are running on the same VM. Our anti-virus software is Cisco Secure Endpoint. I don't see any exception for either CF2018 or CF2021 folder. One of my colleague control the anti-virus software.

The "kicker" here was that CF2021 email worked at first. Then, I discovered the DateFormat issue with "D" vs "d". In some of our codes, "D" was used. And that would mean calendar date in a year. I was following this https://helpx.adobe.com/coldfusion/kb/dateformat-function-coldfusion-2021.html to correct. I downloaded the hf202100-4210921.jar and put it in cfusion/lib/updates. But, I was unable to change the jvm.config file (CF_HOME/cfusion/bin) by adding this argument , -Dcoldfusion.datemask.useDasdayofmonth=true.

May be because ColdFusion is running and the JVM.config file cannot be changed?

Then I decided to change my codes to replace all "D" with "d" on DateFormat.

Then, CF2021 email failed. Then, I remove the hf202100-4210921.jar from the update folder, restarted ColdFusion again and email continued to be undelivered.

Since CF2021 email worked for a little bit, I wonder if I should uninstall and reinstall CF2021 and see if email may work again. But, I will not know why it is not working now.

Dchan

Report · Jan 28, 2022

I compared my settings in CF2021 with CF2018 and they are the same.

Dchan

There is at least one "invisible" setting to consider. You apparently use HTTPS. However, you haven't mentioned whether you imported the security certificate into ColdFusion 2021. You should import the necessary certificates.

Did you test Charlie's suggestion of adding the flag -Dmail.smtp.ssl.protocols=TLSv1.2 to the java.args in jvm.config? To do so, you first have to stop ColdFusion.

If that flag fails, then the cause of the mail issue will likely be Java. There was a recent change in Java 11's TLS settings. From Java 11.0.11 onwards, TLSv1 and TLSv1.1 are disabled by default. So if you used Java 11.0.11 or newer with a mail server that uses TLSv1.x, errors would likely occur.

If the test with the TLSv1.2 flag failed, then you could test with the flag -Dmail.smtp.ssl.protocols=“TLSv1 TLSv1.1 TLSv1.2". I am presuming that you would again have stopped ColdFusion. Also, for this test, it would probably be necessary to enable TLSv1 and TLSv1.1. To do so,

open the file {JAVA_HOME}\conf\security\java.security in an editor; (JAVA_HOME = home directory of the Java installation used by ColdFusion)
locate the setting jdk.tls.disabledAlgorithms and remove "TLSv1, TLSv1.1," from it. (WARNING: Java 11.0.11 disabled TLS 1.x for a reason. Enabling it carries a security risk.)

Problem solved?

Given your last post, a further suggestion would be:

Stop ColdFusion 2021;
Revert all the code changes you made (including, of course, the changes from "D" to "d");
Examine jvm.config and ensure it contains no errors. Add the flag -Dcoldfusion.datemask.useDasdayofmonth=true to java.args, making sure you put a space before and after the flag.
Copy hf202100-4210921.jar back to {CF_HOME}/cfusion/lib/updates. The directory should then have the 2 files hf202100-4210921.jar and chf20210003.jar.
Restart ColdFusion.

Report · Jan 28, 2022

I compared my settings in CF2021 with CF2018 and they are the same.

I am sure the password used in CF2021 is correct. If it is not, the error should be about "Authentication unsuccessful" in the Mail.log

Dchan

Not necessarily. If a TLS-related password is incorrect, you won't get "Authentication unsuccessful". You will instead get errors such as those in your first post.

For example, someone else had the same error after forgetting to delete the settings

-Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456

following a test. See https://stackoverflow.com/questions/9761575/java-nosuchalgorithmexception-sunjsse-sun-security-ssl-s...

Report · Jan 28, 2022

Hi @BKBK @Charlie Arehart ,

The solution I have now is uninstalled the CF2021 I have and reinstall it in a different directory.

I tried to re-install in the same directory as before and CF2021 will not run properly. At one point, event the CF2021 Administrator webpage cannot be pulled up.

In this install, email works. And I used the default Java package in the JRE folder that comes with the install. I just enter the password to the email server again. I did not put the hf202100-4210921.jar in cfusion/lib/updates for "D" as day in month either because I intend to change all the codes that has "D" to "d".

Before I did the above, I tried to put in Java argument

-Dcoldfusion.datemask.useDasdayofmonth=true

-Dmail.smtp.ssl.protocols=TLSv1.2 or -Dmail.smtp.ssl.protocols=“TLSv1 TLSv1.1 TLSv1.2"

in the Administrator page. But, email still will not go.

So, things are working for now.

Thanks guys.

Dchan

Report · Jan 28, 2022

Good news. Thanks for the update, dchan@gfc.state.ga.u .

Have fun with the rest of the project.

Adobe Community

CF2021 email setting issue

1 Correct answer