SSL handshake throwing "No common named group" exception

[hudcap]

First of all, thank you for this awesome software!

I'm running DavMail in server mode with SSL on Windows 11, using the standalone davmail version that comes with Java
Everything worked fine in 6.2.1-3496
Upgraded to 6.2.2-3546, and now when Gmail fetches via POP, Java throws a "No common named group" exception
It works fine when I test the connection from Python

Error log:

2024-07-03 09:59:07,566 INFO  [main] davmail  - DavMail Gateway 6.2.2-3546 listening on SMTP port 465 POP port 1110
2024-07-03 09:59:07,790 DEBUG [CheckRelease] davmail.http.HttpClientAdapter  - GET https://davmail.sourceforge.net/version.txt
2024-07-03 09:59:07,873 DEBUG [CheckRelease] davmail.http.DavGatewaySSLSocketFactory  - createSocket davmail.sourceforge.net 443
2024-07-03 09:59:08,226 DEBUG [CheckRelease] davmail.DavGateway  - DavMail released version: 6.2.2-3546
2024-07-03 09:59:30,613 DEBUG [davmail.pop.PopServer] davmail  - Connection from /*** on port 1110
2024-07-03 09:59:30,616 INFO  [davmail.pop.PopServer] davmail.connection  - CONNECT - ***
2024-07-03 09:59:30,670 DEBUG [PopConnection-***] davmail.http.DavGatewaySSLSocketFactory  - createSocket outlook.office365.com 443
2024-07-03 09:59:30,771 DEBUG [PopConnection-***] davmail.exchange.ExchangeSession  - Test configuration status: 401
2024-07-03 09:59:30,780 DEBUG [PopConnection-***] davmail  - > +OK DavMail 6.2.2-3546 POP ready at Wed Jul 03 09:59:30 EDT 2024
2024-07-03 09:59:30,789 ERROR [PopConnection-***] davmail  - No common named group
javax.net.ssl.SSLProtocolException: No common named group
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.KeyShareExtension$HRRKeyShareProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtension.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLExtensions.produce(Unknown Source)
        at java.base/sun.security.ssl.ServerHello$T13HelloRetryRequestProducer.produce(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goHelloRetryRequest(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flush(Unknown Source)
        at davmail.AbstractConnection.sendClient(AbstractConnection.java:186)
        at davmail.pop.PopConnection.sendOK(PopConnection.java:289)
        at davmail.pop.PopConnection.run(PopConnection.java:99)
2024-07-03 09:59:30,796 DEBUG [PopConnection-***] davmail  - > -ERR No common named group
2024-07-03 09:59:30,801 DEBUG [PopConnection-***] davmail  - Exception sending error to client Connection or outbound has closed
java.net.SocketException: Connection or outbound has closed
        at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.base/java.io.BufferedOutputStream.flush(Unknown Source)
        at davmail.AbstractConnection.sendClient(AbstractConnection.java:186)
        at davmail.pop.PopConnection.sendERR(PopConnection.java:301)
        at davmail.pop.PopConnection.run(PopConnection.java:278)
2024-07-03 09:59:30,802 INFO  [PopConnection-***] davmail.connection  - DISCONNECT - ***```

[esabol]

My web searching says this error is due to a bug in Java 11.0.11 or a specific version of OpenJDK. What version of Java are you using? Which JDK? The solution might be to upgrade either or both.

https://bugs.openjdk.org/browse/JDK-8242565
https://stackoverflow.com/questions/68380510/java-11-0-11-ssl-handshake-fails-with-exception-no-common-named-group

[hudcap]

Thanks, I found that, but I'm using the standalone version of davmail, so I believe it's whatever Java comes packaged with davmail.
Also, when I restore the previous version into my active folder, everything works fine again, which shouldn't be the case if it was picking up some other Java on the system (which shouldn't exist, to my knowledge).

The reference bug seems to have been resolved a few years ago, so it's strange that a recent update would introduce it. Unless the bug was reintroduced to a new version of Java. I tried figuring out what changed in between versions, but couldn't make heads or tails of it.

[esabol]

Standalone version of DavMail? What do you mean?

[hudcap]

https://sourceforge.net/projects/davmail/files/davmail/6.2.2/davmail-6.2.2-3546-windows-standalone.zip/download
I guess I should add this to the original post

[esabol]

Ah, I don't use Windows. On Linux and the Mac (I think), you have to install Java separately to use DavMail. Maybe the standalone version for Windows just needs to include a newer version of Java or OpenJDK, but I don't know how that's packaged.

[hudcap]

Interesting. I'll try installing OpenJDK on the system and use the non-standalone version to see if that resolves the issue.
Thanks!
I'll leave the issue open, since I believe it's still a bug.

[hudcap]

Yup, that fixed it, thanks!
Had to follow this to get davmail to find the jvm.dll, but all is good now.

[mguessan]

This means we were unlucky and onboarded a JDK with the issue on release day, anyone can check latest trunk build from Github home page?

[esabol]

Ah, right. @hudcap , can you download https://ci.appveyor.com/api/projects/mguessan/davmail/artifacts/dist%2Fdavmail-6.2.2-trunk-windows-standalone.zip?job=Environment%3A%20JAVA_HOME%3DC%3A%5CProgram%20Files%5CJava%5Cjdk1.8.0 and test it? If it works, then this issue can be closed.

[hudcap]

@esabol Just tried it from that link and unfortunately, I am receiving the same error as before.

[esabol]

Then I guess the JDK included with the trunk builds has not been updated.