Hi ,
I dont have much idea about SSL/TLS so please correct me if I have put anything wrong . I am working on sending alert mails using
JAVA Mail API using SMTP protocol . The mail server can be anything like gmail ,hotmail etc.
Now gmail and hotmail works over secure layer . From the net and the examples I have tried , I have found that HOTMAIL works only over TLS , SSL cant't be used for hotmail. While GMAIL works both over SSL and TLS
i.e for HOTMAIL only the following property setting works :-
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Properties props = new Properties();
props.put("mail.host","smtp.live.com");
props.put("mail.smtp.port", 587);
props.put("mail.smtp.auth", "true");
While for Gmail both sets of configuration works :-
1) Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Properties props = new Properties();
props.put("mail.host","smtp.gmail.com");
props.put("mail.smtp.port", 587);
props.put("mail.smtp.auth", "true");
2)
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Properties props = new Properties();
props.put("mail.host","smtp.gmail.com");
props.put("mail.smtp.port", 465);
props.put("mail.smtp.socketFactory.class","javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
props.setProperty("mail.smtp.quitwait", "false");
props.put("mail.smtp.auth", "true");
Note the port has to be 587 in first set of configuration and 465 in second .
So I have the following doubts in my mind
1) I have read that TLS is a newer version of SSL but they are almost similar . What is exactly the difference between TLS and SSL . When specific cases each will be used (examples will be appreciated) .
2 ) Are all those mail servers which requires SSL autentication , will work with TLS .i.e like GMAIL ,all those servers which require SSL authentication ,the first set of configuration will work always ?
3) I have come across this post ->
http://stackoverflow.com/questions/411331/using-javamail-with-tls which says :-
"props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
is mandatory if the SMTP server uses SSL Authentication, like the GMail SMTP server does. However if the server uses Plaintext Authentication over TLS, it should not be present, because Java Mail will complain about the initial connection being plaintext. "
What is "Plaintext Authentication over TLS" and how is it different from SSL authentication ?
Thanks in advance