Enabling TLS 1.2 in WSO2 EI
If you have used WSO2 EI, you probably already know that we have a MailTo Transport thats supports sending E-Mail over SMTP.
Incase you haven’t, you can learn more on it here : WSO2 MAIL TO TRANSPORT
Given that you probably already know most mail servers including AWS SES, have made TLS 1.2 the minimum TLS protocol level.
Therefore we need to update the WSO2 EI servers to enable TLS 1.2 for SMTP SSL protocols and make sure that the mail sending functionality works smoothly.
Therefore to proceed with this we need to add a global level configuration to set the TLS protocol to TLS 1.2.
We can enable it by adding the below java options flags to your startup shell script and restarting the severs.
-Dmail.smtp.ssl.protocols=TLSv1.2 \
-Djdk.tls.client.protocols=TLSv1.2 \The shell scripts can be found :
- EI: <EI_HOME>/bin/integrator.sh
Once this is added you may not observe issues such as below
ERROR {org.apache.axis2.transport.mail.MailTransportSender} - Error creating mail message or sending it to the configured server {org.apache.axis2.transport.mail.MailTransportSender}
com.sun.mail.smtp.SMTPSendFailedException: 554 Access denied: Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your clientHope this helps you when developing your mail senders .. :)
