Posted to server-dev@james.apache.org by Vincenzo Gianferrari Pini <vi...@praxis.it> on 2005/01/10 11:04:53 UTC
Re: JDK 1.5. and secure Pop (James)
Hello Ralf,
Did you put the SunJCE provider jars in the <james>/lib directory (*not*
in the <james>/apps/james/SAR-INF/lib)? The james classloader loads from
there, not from the jre/lib. The jre/lib/security/java.security
registration entry obviously must be in place, but the jars must be in
the above-mentioned library.
As another option/example, have a look at the current branch_2_1_fcs in
SVN: you find three BouncyCastle jars already in <james>/lib (they are
needed - because of SMIME support - by the SMIMESign mailet); the
registration is automatically done (statically) by
org.apache.james.security.KeyHolder when loaded by
org.apache.james.transport.mailets.SMIMESign - if such mailet is
referenced in config.xml. You may otherwise register
org.bouncycastle.jce.provider.BouncyCastleProvider in
jre/lib/security/java.security.
Let me know,
Vincenzo
P.S. I'm posting this mail also to the server-dev list as it may be of interest to others.
Ralf Hauser wrote:
>Vincenzo,
>
>You had shown some interest in secure james services in
>http://issues.apache.org/jira/browse/JAMES-301 .
>Now, I am trying to get james2.2.0 working with JDK1.5 and I get strange
>errors when using TLS/SSL with the pop3server:
>a) When accessing with outlook, it dies with "bad handshake record MAC"
>(Stacktrace below PS 1)
>b) When accessing it with thunderbird, it dies with "DiffieHellman
>KeyPairGenerator not available" (Stacktrace in PS 2)
>
>I noticed that the SunJCE provider is not registered in
>java.security.Security despite being put into the
>jre/lib/security/java.security file, but manually doing this in the
>pop3server.init() results in:
>Reason: java.lang.NoClassDefFoundError: com/sun/crypto/provider/SunJCE).
>Reading
>http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#InstallProvider didn't really
>
>Any idea what happens? (or might the swallowed parts of the Stacktrace
>reveal more - how can I get them printed in full?)
>
> Many thanks for any hints in advance!
>
> Ralf
>
>
>PS 1: and with outlook and jdk1.5 and jam2.2.0, I get
>javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: bad handshake record MAC
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
> at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
> at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
> at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
> at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
> at java.io.InputStreamReader.read(InputStreamReader.java:167)
> at java.io.BufferedReader.fill(BufferedReader.java:136)
> at java.io.BufferedReader.read(BufferedReader.java:157)
> at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
> at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
> at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
> at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
> at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
>Caused by: javax.net.ssl.SSLHandshakeException: bad handshake record MAC
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1438)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:778)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
> at java.io.PrintWriter.flush(PrintWriter.java:270)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
> at java.io.PrintWriter.flush(PrintWriter.java:270)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
> ... 3 more
>DEBUG [default Worker #11] (JamesPOP3Handler.java:269) - socket.getLocalPort(): 2995, remoteIP: 81.63.33.47, remoteHost: 47.33.63.81.cust.bluewin.ch
>DEBUG [default Worker #11] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
> at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
> at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
> at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
> at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
> at java.io.InputStreamReader.read(InputStreamReader.java:167)
> at java.io.BufferedReader.fill(BufferedReader.java:136)
> at java.io.BufferedReader.read(BufferedReader.java:157)
> at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
> at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
> at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
> at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
> at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
>Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:739)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
> at java.io.PrintWriter.flush(PrintWriter.java:270)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
> ... 3 more
>Caused by: java.io.EOFException: SSL peer shut down incorrectly
> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:321)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
> ... 16 more
>
>
>PS 2) DEBUG [default Worker #7] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
> at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
> at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
> at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
> at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
> at java.io.InputStreamReader.read(InputStreamReader.java:167)
> at java.io.BufferedReader.fill(BufferedReader.java:136)
> at java.io.BufferedReader.read(BufferedReader.java:157)
> at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
> at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
> at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
> at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
> at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
>Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
> at java.io.PrintWriter.flush(PrintWriter.java:270)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
> at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
> at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
> ... 3 more
>Caused by: java.lang.RuntimeException: Could not generate DH keypair
> at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.getEphemeralDHKeys(ServerHandshaker.java:132)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:699)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:633)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> ... 13 more
>Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available
> at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:169)
> at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:121)
> ... 24 more
>
>
>
>
>
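Added example, not part of the original mail or the James code base: a small diagnostic that separates the two conditions discussed in this thread, a provider declared in java.security versus a provider class the current class loader can actually load, and then checks for the DiffieHellman KeyPairGenerator the handshake in PS 2 failed on. The class name JceProviderCheck is hypothetical; it reports on the class loader it runs under, so inside James the same calls would have to run from code loaded by the James class loader.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

// Added diagnostic; the class name JceProviderCheck is hypothetical.
public class JceProviderCheck {

    // True if a registered provider can supply a KeyPairGenerator for the algorithm.
    static boolean hasKeyPairGenerator(String algorithm) {
        try {
            KeyPairGenerator.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // True if the class loader that loaded this class can see the named class.
    static boolean isLoadable(String className) {
        try {
            Class.forName(className, false, JceProviderCheck.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Providers actually registered in this JVM, in preference order.
        for (Provider p : Security.getProviders()) {
            System.out.println("registered: " + p.getName() + " (" + p.getClass().getName() + ")");
        }
        // Entries declared in java.security. Older JREs list class names here;
        // newer ones may list bare provider names, which are looked up by name.
        for (int i = 1; ; i++) {
            String raw = Security.getProperty("security.provider." + i);
            if (raw == null) break;
            String entry = raw.trim().split("\\s+")[0]; // drop any provider argument
            boolean usable = entry.indexOf('.') >= 0
                    ? isLoadable(entry)
                    : Security.getProvider(entry) != null;
            System.out.println("security.provider." + i + "=" + entry + " usable=" + usable);
        }
        // The two provider classes named in this thread.
        for (String cls : new String[] {"com.sun.crypto.provider.SunJCE",
                "org.bouncycastle.jce.provider.BouncyCastleProvider"}) {
            System.out.println("loadable " + cls + ": " + isLoadable(cls));
        }
        // The algorithm the TLS handshake failed on in PS 2.
        System.out.println("DiffieHellman KeyPairGenerator: " + hasKeyPairGenerator("DiffieHellman"));
    }
}
```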