Java 7 ssl handshake fails when on Java 6 it works

Question

I'm using Ability Mail Server (AMS) tool to test my SMTP server network availablilty in variours configurations (SMTP, SMTP with TLS, SMTP over SSL, etc.). My server side is written on java and uses SubethaSmtp library for implemetation.

AMS works well and serves my testing needs good right until I decide to upgrade my server from java 6 to java 7. Since then, I'm unable to use this utility to test my SMTP over SSL and SMTP with TLS connectivity because with every attempt I'm getting:

Outgoing Route: Relay localhost:40125 rejected connection with

My other integration tests that also writthen on java was successful, but this problem is still bugs me. I'm unable to find out, what can be different.

My java 6 successful SSL handshake debug output

org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 205
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
*** ClientHello, TLSv1
RandomCookie:  GMT: 1366202273 bytes = { 29, 88, 44, 226, 58, 30, 188, 76, 46, 113, 18, 193, 226, 156, 129, 241, 160, 23, 39, 190, 177, 37, 141, 173, 175, 6, 125, 195 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data: 
***
%% Created:  [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1366202273 bytes = { 239, 167, 83, 82, 189, 146, 43, 152, 2, 25, 247, 132, 153, 169, 208, 74, 207, 219, 235, 179, 154, 225, 199, 147, 238, 91, 114, 53 }
Session ID:  {81, 111, 152, 161, 109, 178, 13, 166, 232, 166, 36, 148, 10, 94, 92, 222, 61, 86, 245, 119, 215, 130, 31, 150, 99, 74, 121, 252, 181, 255, 30, 22}
Cipher Suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called closeSocket(selfInitiated)
chain [0] = [
[
  Version: V3
  Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
  public exponent: 65537
  Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
               To: Wed Sep 18 11:41:33 GMT+04:00 2013]
  Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    6e640d68]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07   18 67 A0 BE F0 70 E9 97  ..D......g...p..
0010: D2 D7 1B E3                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 12 8A E0 40 EB 91 7F 6D   A5 06 E8 F8 A2 CD D5 EF  ...@...m........
0010: AC E1 3A 95 7C 99 09 D7   04 AA 5E 59 4D FC 45 92  ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17   D4 73 8D B4 D3 BC 8C DD  ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA   74 C1 4B 2B 76 98 1A AA  ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13   3D 36 97 36 05 7F 31 F1  .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A   60 68 B4 8A ED 94 04 43  h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F   E7 24 D5 AE 13 7A CD F2  ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97   7D 10 20 13 A6 B5 83 A5  M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E   67 7C 49 DC 3D 2E 55 24  y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21   1E 5F 2D 9B 75 7A D8 31  s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05   D9 59 86 67 16 E5 AD C1  YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8   70 59 B4 51 D6 3D 16 CE  .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7   2F F0 15 1C 12 EE 9F 18  -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A   F2 1E E0 C5 BA 28 49 B8  ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA   1E E9 A0 33 D9 23 D5 CF  p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24   49 4A CE 2F 92 6D 4D DA  ..q.kT.$IJ./.mM.

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key:  { 196, 174, 239, 97, 244, 9, 222, 141, 94, 81, 143, 199, 56, 23, 160, 164, 140, 162, 44, 78, 243, 75, 44, 208, 229, 164, 90, 214, 232, 7, 55, 101, 24, 164, 116, 13, 189, 175, 113, 183, 170, 161, 229, 93, 86, 216, 238, 9, 179, 130, 120, 140, 173, 190, 119, 34, 131, 169, 114, 230, 223, 139, 79, 128, 46, 17, 200, 81, 229, 13, 176, 73, 129, 204, 10, 243, 197, 24, 174, 152, 108, 11, 14, 58, 168, 9, 11, 49, 222, 189, 117, 125, 126, 49, 230, 250 }
Signed with a DSA or RSA public key
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 1570
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 102
*** ClientKeyExchange, DH
DH Public key:  { 95, 208, 98, 2, 159, 50, 206, 212, 96, 80, 180, 201, 119, 130, 53, 165, 5, 81, 35, 243, 18, 0, 100, 250, 160, 150, 10, 60, 129, 126, 9, 130, 58, 236, 226, 104, 238, 19, 255, 109, 213, 240, 24, 22, 47, 10, 6, 114, 91, 199, 56, 238, 79, 158, 30, 199, 90, 16, 174, 112, 202, 125, 87, 70, 101, 86, 131, 15, 73, 103, 223, 186, 196, 132, 4, 54, 46, 6, 58, 211, 70, 213, 246, 244, 250, 125, 1, 175, 155, 197, 68, 73, 224, 19, 133, 189 }
SESSION KEYGEN:
PreMaster Secret:
0000: 68 1E 91 97 0A 91 6A E3   B2 41 17 32 41 B9 80 24  h.....j..A.2A..$
0010: 4F C8 84 F2 7F C7 D8 F5   28 BB 84 82 4E C9 C3 53  O.......(...N..S
0020: 0B B8 10 3E 08 0B C0 87   D8 2D FB A1 BA D4 1C FB  ...>.....-......
0030: 01 DA 8F F2 10 E0 63 EA   BF 41 90 D5 25 1C EC 52  ......c..A..%..R
0040: 00 6A 33 92 C3 84 78 C4   2D 5B 8D 87 9A CE CC E9  .j3...x.-[......
0050: 23 36 49 58 9C 20 20 15   DD 4D AC 01 10 FE D6 DD  #6IX.  ..M......
CONNECTION KEYGEN:
Client Nonce:
0000: 51 6F 98 A1 1D 58 2C E2   3A 1E BC 4C 2E 71 12 C1  Qo...X,.:..L.q..
0010: E2 9C 81 F1 A0 17 27 BE   B1 25 8D AD AF 06 7D C3  ......'..%......
Server Nonce:
0000: 51 6F 98 A1 EF A7 53 52   BD 92 2B 98 02 19 F7 84  Qo....SR..+.....
0010: 99 A9 D0 4A CF DB EB B3   9A E1 C7 93 EE 5B 72 35  ...J.........[r5
Master Secret:
0000: DD 91 8B 8B 81 B8 DA 9F   EC 60 E9 F4 DF 0E C3 27  .........`.....'
0010: F8 BD 3E B1 A7 28 03 FB   A7 E7 24 DB D6 80 D5 3F  ..>..(....$....?
0020: 8C 90 F0 EF 31 65 51 03   20 CB CA 12 D8 0A 05 AB  ....1eQ. .......
Client MAC write Secret:
0000: F2 6C AE B6 C0 3B 2D D7   8E 7C D7 00 6A 3B 80 D3  .l...;-.....j;..
0010: 16 73 B2 57                                        .s.W
Server MAC write Secret:
0000: 69 2C A7 C1 32 B9 D3 3A   FD 30 15 F0 78 4E DE 76  i,..2..:.0..xN.v
0010: 6B F2 EE F2                                        k...
Client write key:
0000: C3 33 CC EC 07 6C 4F 51   1C B6 14 74 29 6C 82 59  .3...lOQ...t)l.Y
0010: 02 1D A1 99 EA 4A 10 45                            .....J.E
Server write key:
0000: 4B 6F 90 B3 C3 C0 00 35   EA DF 0F C7 7F 2D 77 3A  Ko.....5.....-w:
0010: 12 C8 34 C9 8B 6E E6 7E                            ..4..n..
Client write IV:
0000: C2 23 F2 38 C0 E2 46 99                            .#.8..F.
Server write IV:
0000: 08 CC 53 9B 23 D6 23 6B                            ..S.#.#k
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Change Cipher Spec, length = 1
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data:  { 76, 73, 162, 146, 43, 189, 56, 224, 219, 30, 197, 162 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 253, 203, 94, 73, 30, 8, 230, 39, 100, 105, 142, 219 }
***
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Application Data, length = 48
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Application Data, length = 80
org.subethamail.smtp.server.Session-/127.0.0.1:51806, READ: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, RECV TLSv1 ALERT:  warning, close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(false)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, SEND TLSv1 ALERT:  warning, description = close_notify
org.subethamail.smtp.server.Session-/127.0.0.1:51806, WRITE: TLSv1 Alert, length = 24
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeSocket(selfInitiated)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51806, called closeInternal(true)

My java 7 always failing SSL handshake debug output

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, READ: TLSv1 Handshake, length = 205
*** ClientHello, TLSv1
RandomCookie:  GMT: 1366202735 bytes = { 148, 248, 66, 243, 154, 205, 184, 147, 105, 230, 198, 110, 97, 132, 40, 233, 246, 125, 120, 183, 97, 219, 182, 40, 20, 87, 103, 53 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
Unsupported extension type_35, data: 
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server_certificate
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1366202735 bytes = { 218, 177, 74, 98, 93, 153, 110, 141, 95, 69, 218, 102, 107, 215, 209, 26, 0, 157, 60, 33, 94, 70, 40, 77, 46, 103, 173, 224 }
Session ID:  {81, 111, 153, 111, 235, 17, 119, 190, 82, 45, 15, 130, 77, 69, 37, 136, 91, 110, 135, 121, 204, 13, 56, 171, 101, 52, 110, 122, 85, 126, 15, 109}
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16529753809247247111312284751522134978177807492128325820211425902224490010793234062180928535488108823704586950959318642289246645463583464189812207858850010614046945230962602914709480782247492980056070065328765412779951346605688731554625592721596539401530793434052536122002537683254913189373178145181405215449627192067321602357247727580287704588004112308611398315890251445283600299225291631455558225388037583805230035932707731947473961715066552985380371964947081577833023069202844021620640680874794841415527496125781091471359903204493217693952167487019116813691991952393229097684735681407566394557493095017917012563127
  public exponent: 65537
  Validity: [From: Tue Sep 18 11:41:33 GMT+04:00 2012,
         To: Wed Sep 18 11:41:33 GMT+04:00 2013]
  Issuer: CN=U, OU=U, O=U, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    6e640d68]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 CC 44 CE D3 FD EA 07   18 67 A0 BE F0 70 E9 97  ..D......g...p..
0010: D2 D7 1B E3                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 12 8A E0 40 EB 91 7F 6D   A5 06 E8 F8 A2 CD D5 EF  ...@...m........
0010: AC E1 3A 95 7C 99 09 D7   04 AA 5E 59 4D FC 45 92  ..:.......^YM.E.
0020: CD 9F 58 95 8F F1 F4 17   D4 73 8D B4 D3 BC 8C DD  ..X......s......
0030: 99 C7 47 5D 4E 22 43 BA   74 C1 4B 2B 76 98 1A AA  ..G]N"C.t.K+v...
0040: 1F 6A 62 1E 1E 2B BD 13   3D 36 97 36 05 7F 31 F1  .jb..+..=6.6..1.
0050: 68 A9 60 E1 94 74 84 6A   60 68 B4 8A ED 94 04 43  h.`..t.j`h.....C
0060: 0F 89 D2 83 4F D2 A4 4F   E7 24 D5 AE 13 7A CD F2  ....O..O.$...z..
0070: 4D AE DA B2 4C 27 C8 97   7D 10 20 13 A6 B5 83 A5  M...L'.... .....
0080: 79 96 52 CE C0 BC 2F 1E   67 7C 49 DC 3D 2E 55 24  y.R.../.g.I.=.U$
0090: 73 5E F1 95 10 6C 9A 21   1E 5F 2D 9B 75 7A D8 31  s^...l.!._-.uz.1
00A0: 59 42 B0 6C AD 86 6E 05   D9 59 86 67 16 E5 AD C1  YB.l..n..Y.g....
00B0: E8 6C 21 15 19 8A 85 D8   70 59 B4 51 D6 3D 16 CE  .l!.....pY.Q.=..
00C0: 2D AD 7B E8 08 32 0D B7   2F F0 15 1C 12 EE 9F 18  -....2../.......
00D0: C3 DE 61 16 C4 D3 A4 1A   F2 1E E0 C5 BA 28 49 B8  ..a..........(I.
00E0: 70 0E 19 21 6E 1B 47 CA   1E E9 A0 33 D9 23 D5 CF  p..!n.G....3.#..
00F0: CE 91 71 AA 6B 54 0B 24   49 4A CE 2F 92 6D 4D DA  ..q.kT.$IJ./.mM.

]
***
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 163 bits
  public x coord: 9136528840887878846890758313033245846487987894913
  public y coord: 10222364285200404385822101945158338799500469323918
  parameters: sect163k1 [NIST K-163] (1.3.132.0.1)
*** ServerHelloDone
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Handshake, length = 1323
org.subethamail.smtp.server.Session-/127.0.0.1:51856, received EOFException: error
org.subethamail.smtp.server.Session-/127.0.0.1:51856, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
org.subethamail.smtp.server.Session-/127.0.0.1:51856, SEND TLSv1 ALERT:  fatal, description = handshake_failure
org.subethamail.smtp.server.Session-/127.0.0.1:51856, WRITE: TLSv1 Alert, length = 2
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeSocket()
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
org.subethamail.smtp.server.ServerThread *:40125, setSoTimeout(60000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called close()
org.subethamail.smtp.server.Session-/127.0.0.1:51856, called closeInternal(true)

My SMTP over SSL server implementation

private static class SmtpServer extends SMTPServer {

    private SSLContext context;

    protected SmtpServer(MessageHandlerFactory factory, SSLContext context) {
        super(factory);
        this.context = context;
    }

    @Override
    public SSLSocket createSSLSocket(Socket socket) throws IOException {
        InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
        SSLSocketFactory sf = context.getSocketFactory();
        SSLSocket s = (SSLSocket) sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true);
        // we are the server
        s.setUseClientMode(false);
        return s;
    }

}

Implementation has no differences what so ever. The only difference is version of JDK.

I can't find out, what can go wrong during handshake. Is it testing utility problem or should I perform any steps to fix this error from ever happening?

Answer 1

Problem was solved by updating to latest version of openssl distribution binaries, located inside Ability Mail Server installation folder. AMS running with latest version of DLLs don't have described problem.

In other words, answering my own question: This problem was not on our side.