SMTP and TLS

Peter · September 26, 2025, 12:02am

Our corporate SMTP server requires TLS1.2. I expected that all that would be required is to tick the TLS box for mail in Lucee Administrator. It didn’t work. As an interim solution I used the local Windows SMTP Service as a relay. On revisiting this, AI suggested adding the following Java Options to the Tomcat settings.

-Dmail.smtp.ssl.protocols=TLSv1.2
-Dmail.smtp.starttls.enable=true
-Dmail.smtp.starttls.required=true

The TLS box now works. Is this the correct procedure to get Lucee mail to use TLS1.2 ?

Lucee 6.2.2.91, Java 21.0.8, Tomcat 11.0.11, Windows 2022.

dawesi · September 30, 2025, 7:45am

Thanks #watching thread

BK_BK · November 4, 2025, 10:13am

Yes, I think that is the correct way to get Lucee mail to use TLS 1.2.

Zackster · November 4, 2025, 12:30pm

The problem is currently Lucee announces all the versions it supports, given it’s 2025, i think we should consider not announcing by default versions less than 1.2, and perhaps exposing via the smtp settings the protocol

github.com

lucee/Lucee/blob/7.0/core/src/main/java/lucee/runtime/net/mail/MailUtil.java#L230


      
          			}
          		}
          		return addr;
          	}
          
          	/**
          	 * This method should be called when TLS is used to ensure that the supported protocols are set.
          	 * Some servers, e.g. Outlook365, reject lists with older protocols so we only pass protocols that
          	 * start with the prefix "TLS"
          	 */
          	public static void setSystemPropMailSslProtocols() {
          		String protocols = SystemUtil.getSystemPropOrEnvVar(SYSTEM_PROP_MAIL_SSL_PROTOCOLS, "");
          		if (protocols.isEmpty()) {
          			List<String> supportedProtocols = SSLConnectionSocketFactoryImpl.getSupportedSslProtocols();
          			protocols = supportedProtocols.stream().filter(el -> el.startsWith("TLS")).collect(Collectors.joining(" "));
          			if (!protocols.isEmpty()) {
          				System.setProperty(SYSTEM_PROP_MAIL_SSL_PROTOCOLS, protocols);
          				Config config = ThreadLocalPageContext.getConfig();
          				if (config != null)
          					ThreadLocalPageContext.getLog(config, "mail").info("mail", "Lucee system property " + SYSTEM_PROP_MAIL_SSL_PROTOCOLS + " set to [" + protocols + "]");
          			}

Zackster · November 6, 2025, 10:15am

Allow specifying tlsProtocol(s) in mail server definitions

https://luceeserver.atlassian.net/browse/LDEV-5892

default to only TLS v1.2 and newer for SMTP

https://luceeserver.atlassian.net/browse/LDEV-5893