Gmail error with maileater Failed to make connection with STARTTLS

Article ID: 217087


Updated On:

Products

CA Service Desk Manager CA Service Management - Service Desk Manager

Issue/Introduction

While maileater appears to be working with Gmail, the maileater_nxd.log contains the following message:

20XX-01-01 00:00:00:000 ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.c.JavaMailIMAPClient - getIMAPHostInfo() + Failed to make connection with STARTTLS to server imap.gmail.com, port 993, trying SSL connection

Is this error message of any concern?

Environment

CA Service Management 17.x and higher

Cause

The above message is logged when maileater makes its initial attempt to connect to imap.gmail.com:993 using STARTTLS. This attempt is expected to fail, because imap.gmail.com:993 does not support STARTTLS (see Additional Information). Maileater then makes a second attempt using a direct SSL connection, which should succeed.

Resolution

The above message is safe to ignore, as it does not represent the actual connection that maileater will eventually make to imap.gmail.com:993. Maileater relies on making a direct SSL connection instead of using STARTTLS.

Additional Information

OpenSSL can be downloaded here:  https://www.openssl.org/

With OpenSSL installed, the following command shows what happens when a connection attempt is made to imap.gmail.com:993 using STARTTLS:

openssl s_client -starttls imap -connect imap.gmail.com:993 

In this case, the output will resemble:

CONNECTED(000001C4)
Didn't find STARTTLS in server response, trying anyway...
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 342 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

 

The above output demonstrates that the STARTTLS connection method is not supported on this port: openssl reports "Didn't find STARTTLS in server response", no peer certificate is returned, and no cipher is negotiated.

However, if one makes a direct SSL connection via openssl, i.e.:

openssl s_client -connect imap.gmail.com:993

The output received will read as:

CONNECTED(000001C4)
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
   i:C = US, O = Google Trust Services, CN = GTS CA 1O1
 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
   i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
---

<omitted>


---
read R BLOCK
* OK Gimap ready for requests from XXX.XXX.XXX.XXX b125mb121879520ivb

 

Here, we see a valid connection has been made and matches how maileater connects to imap.gmail.com. 
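For log monitoring, the guidance above can be encoded as a filter that suppresses only the documented STARTTLS fallback on port 993 and keeps every other ERROR record visible. This is an added example, not CA/Broadcom code: the names triage and needs_review, the host mail.example.test and all sample lines after the first are constructed, and treating the fallback on any port other than 993 as worth review is an assumption.

```python
import re

# Record layout taken from the maileater_nxd.log line quoted in the article.
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+\[(?P<thread>[^\]]+)\]\s+"
    r"(?P<logger>\S+) - (?P<msg>.*)$"
)
# The STARTTLS fallback message; host and port drive the decision.
FALLBACK = re.compile(
    r"Failed to make connection with STARTTLS to server (?P<host>\S+), "
    r"port (?P<port>\d+), trying SSL connection"
)
IMPLICIT_TLS_PORT = 993  # TLS starts with the first byte, so no STARTTLS step exists


def triage(line):
    """Classify one log line as 'ignore', 'expected' or 'review'."""
    rec = RECORD.match(line.strip())
    if rec is None:
        return "review", "unparsed line"
    if rec["level"] != "ERROR":
        return "ignore", rec["level"]
    fb = FALLBACK.search(rec["msg"])
    if fb is None:
        return "review", rec["msg"]
    target = f"{fb['host']}:{fb['port']}"
    if int(fb["port"]) == IMPLICIT_TLS_PORT:
        return "expected", target
    # Assumption: on any other port the fallback is not the documented case.
    return "review", "STARTTLS fallback on " + target


def needs_review(lines):
    """Return (line_number, detail) for each non-blank line marked 'review'."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict, detail = triage(line) if line.strip() else ("ignore", "")
        if verdict == "review":
            hits.append((n, detail))
    return hits


# First line is the one from the article; the rest are constructed samples.
SAMPLE = [
    "20XX-01-01 00:00:00:000 ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.c.JavaMailIMAPClient - getIMAPHostInfo() + Failed to make connection with STARTTLS to server imap.gmail.com, port 993, trying SSL connection",
    "20XX-01-01 00:00:01:000 ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.c.JavaMailIMAPClient - getIMAPHostInfo() + Failed to make connection with STARTTLS to server mail.example.test, port 143, trying SSL connection",
    "20XX-01-01 00:00:02:000 INFO  [main] c.c.S.m.Example - constructed informational record",
    "20XX-01-01 00:00:03:000 ERROR  [main] c.c.S.m.Example - constructed failure record",
]
```

Calling needs_review(SAMPLE) returns the port 143 fallback and the unrelated ERROR record, while the Gmail line from the article is classified as expected.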

 

See also:

Failed to connect to the Store error when using CA SDM maileater against Office 365 server
https://knowledge.broadcom.com/external/article?articleId=123126