You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Marc Chamberlin <ma...@marcchamberlin.com> on 2011/07/19 21:40:42 UTC
Re: TLS/SSL problems Solved!
Thanks David for your reply... You were sorta right... Actually
openSuSE is screwed up when it comes to changing the Java installation
(I went from openJDK_x64 to the Sun_X32 version. OpenSuSE uses a lot of
links in /etc/alternatives to point at the correct version of Java
things, which in turn get used by a lot of scripts) Most of these links
were broken after the change over and I had to go through and correct
them all by had. Additionally, openSuSE left a lot of files, dirs, and
links in the /usr/lib64/jvm install directory which further confused a
number of scripts and cause them to mis-set environment variables...
Cleaning up all this mess, made James a happy camper again...
I am continuing to try and get James installed in Eclipse so I can see
what is going on within some of my mail lists that I support... Spam and
in particular bounce messages are getting through and I am trying to
figure out why... Also the built in Bayesian filters is now catching
legit emails and I need a way to correct the filter since these get
dropped into a special spam repository before I get a chance to reteach
the filter that these are in fact legit....
Marc..
On 7/18/2011 5:26 PM, david garvey wrote:
> Marc,
>
> It looks like the new install is missing the crypto stuff?
>
> http://fandry.blogspot.com/2011/06/problem-initializing-class.html
>
> I also checked the content of the content of the jar file
> ./Java/jre6/lib/jce.jar which should
> contain the missing class in question: javax.crypto.SunJCE_b
>
> On 07/18/2011 09:23 AM, Marc Chamberlin wrote:
> > On 7/18/2011 12:10 AM, Eric Charles wrote:
> >> Hi Marc,
> >>
> >> Why do you go to x32 and not x64?
> > Thanks Eric for replying... I couldn't get Eclipse to work under
> x64 so
> > was advised to use the x32 bit version of Java instead. I want to bring
> > James up in Eclipse so I can better understand and debug it when I
> > encounter problems and try to better handle spam/bounce notifications
> > about attempts being made to break into some mail lists that I
> host.....
> >>
> >> Also, http://wiki.apache.org/james/UsingSSL says you need to
> >> add/configure bouncycastle. I don't think it will help with the
> >> NoClassDefFoundError, but I would give it a try.
> > I will look into this further and see if I need to do anything to
> handle
> > the x32 bit version of Java, otherwise I am surprised if I need to do
> > anything that I have not already done, since I had SSL working fine
> > before I switched to x32 Java....
>
> > Marc...
> >>
> >> Thx.
> >>
> >> On 18/07/11 08:45, Marc Chamberlin wrote:
> >>> I recently had to change the JAVA vm on my server from
> >>> java-1_6_0-openJDK_X64 to java-1_6_0-sun_586 (x32) and restarted
> James
> >>> 2.3.2 under the new runtime environment. Before this switch, James
> >>> worked fine, but afterwords whenever a client such as Thunderbird
> tries
> >>> to connect I am getting the following sort of error when using
> TLS/SSL
> >>> connections -
> >>>
> >>> An error occurred during a connection to mail.mydomain.com:995.
> >>>
> >>> Cannot communicate securely with peer: no common encryption
> >>> algorithm(s).
> >>>
> >>> (Error code: ssl_error_no_cypher_overlap)
> >>>
> >>>
> >>> Looking in the James logs files I found this stack walkback in the
> >>> connections log file - (I am guessing it is related?)
> >>>
> >>> marc@bigbang:/james/james-2.3.2/apps/james/logs> cat
> >>> connections-2011-07-17-21-52.log
> >>> 17/07/11 21:54:16 ERROR connections: Error handling connection
> >>> java.lang.NoClassDefFoundError: Could not initialize class
> >>> javax.crypto.SunJCE_b
> >>> at javax.crypto.Cipher.getInstance(DashoA13*..)
> >>> at java.security.Signature$Delegate.newInstance(Signature.java:932)
> >>> at
> java.security.Signature$Delegate.chooseProvider(Signature.java:1032)
> >>> at
> java.security.Signature$Delegate.engineInitSign(Signature.java:1106)
> >>> at java.security.Signature.initSign(Signature.java:498)
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.RSASignature.engineInitSign(RSASignature.java:108)
>
> >>>
> >>>
> >>> at java.security.Signature$Delegate.init(Signature.java:1076)
> >>> at
> java.security.Signature$Delegate.chooseProvider(Signature.java:1033)
> >>> at
> java.security.Signature$Delegate.engineInitSign(Signature.java:1106)
> >>> at java.security.Signature.initSign(Signature.java:498)
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(HandshakeMessage.java:721)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:678)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:151)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
>
> >>>
> >>>
> >>> at
> >>>
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>
> >>>
> >>> at
> >>>
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> >>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> >>> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278)
> >>> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
> >>> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
> >>> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
> >>> at java.io.PrintWriter.flush(PrintWriter.java:276)
> >>> at
> >>>
> org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:92)
>
> >>>
> >>>
> >>> at
> >>>
> org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:189)
>
> >>>
> >>>
> >>> at
> >>>
> org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:274)
>
> >>>
> >>>
> >>> at
> >>>
> org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:432)
>
> >>>
> >>>
> >>> at
> >>>
> org.apache.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:55)
>
> >>>
> >>>
> >>> at
> >>>
> org.apache.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:116)
> >>>
> >>> I didn't change any of the James configuration files, so anyone
> got any
> >>> ideas about what has gone wrong and what I have to do to fix?
> Going back
> >>> to the openJDK_X64 runtime environment would be a real PITA...
> >>>
> >>> Marc...
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> >>> For additional commands, e-mail: server-user-help@james.apache.org
> >>>
> >>
> >>
>
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> > For additional commands, e-mail: server-user-help@james.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: TLS/SSL problems Solved!
Posted by david garvey <dg...@collab.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That is great news... Fedora/Redhat has the same issues:
[dgarvey@dgarvey .ssh]$ ls -l /etc/alternatives/jre
lrwxrwxrwx 1 root root 29 Mar 10 12:25 /etc/alternatives/jre -> /home/dgarvey/jdk1.6.0_21/jre
[dgarvey@dgarvey .ssh]$
On 07/19/2011 12:40 PM, Marc Chamberlin wrote:
> Thanks David for your reply... You were sorta right... Actually
> openSuSE is screwed up when it comes to changing the Java installation
> (I went from openJDK_x64 to the Sun_X32 version. OpenSuSE uses a lot of
> links in /etc/alternatives to point at the correct version of Java
> things, which in turn get used by a lot of scripts) Most of these links
> were broken after the change over and I had to go through and correct
> them all by had. Additionally, openSuSE left a lot of files, dirs, and
> links in the /usr/lib64/jvm install directory which further confused a
> number of scripts and cause them to mis-set environment variables...
> Cleaning up all this mess, made James a happy camper again...
>
> I am continuing to try and get James installed in Eclipse so I can see
> what is going on within some of my mail lists that I support... Spam and
> in particular bounce messages are getting through and I am trying to
> figure out why... Also the built in Bayesian filters is now catching
> legit emails and I need a way to correct the filter since these get
> dropped into a special spam repository before I get a chance to reteach
> the filter that these are in fact legit....
>
> Marc..
>
>
>
> On 7/18/2011 5:26 PM, david garvey wrote:
>> Marc,
>>
>> It looks like the new install is missing the crypto stuff?
>>
>> http://fandry.blogspot.com/2011/06/problem-initializing-class.html
>>
>> I also checked the content of the content of the jar file
>> ./Java/jre6/lib/jce.jar which should
>> contain the missing class in question: javax.crypto.SunJCE_b
>>
>> On 07/18/2011 09:23 AM, Marc Chamberlin wrote:
>>> On 7/18/2011 12:10 AM, Eric Charles wrote:
>>>> Hi Marc,
>>>>
>>>> Why do you go to x32 and not x64?
>>> Thanks Eric for replying... I couldn't get Eclipse to work under
>> x64 so
>>> was advised to use the x32 bit version of Java instead. I want to bring
>>> James up in Eclipse so I can better understand and debug it when I
>>> encounter problems and try to better handle spam/bounce notifications
>>> about attempts being made to break into some mail lists that I
>> host.....
>>>>
>>>> Also, http://wiki.apache.org/james/UsingSSL says you need to
>>>> add/configure bouncycastle. I don't think it will help with the
>>>> NoClassDefFoundError, but I would give it a try.
>>> I will look into this further and see if I need to do anything to
>> handle
>>> the x32 bit version of Java, otherwise I am surprised if I need to do
>>> anything that I have not already done, since I had SSL working fine
>>> before I switched to x32 Java....
>>
>>> Marc...
>>>>
>>>> Thx.
>>>>
>>>> On 18/07/11 08:45, Marc Chamberlin wrote:
>>>>> I recently had to change the JAVA vm on my server from
>>>>> java-1_6_0-openJDK_X64 to java-1_6_0-sun_586 (x32) and restarted
>> James
>>>>> 2.3.2 under the new runtime environment. Before this switch, James
>>>>> worked fine, but afterwords whenever a client such as Thunderbird
>> tries
>>>>> to connect I am getting the following sort of error when using
>> TLS/SSL
>>>>> connections -
>>>>>
>>>>> An error occurred during a connection to mail.mydomain.com:995.
>>>>>
>>>>> Cannot communicate securely with peer: no common encryption
>>>>> algorithm(s).
>>>>>
>>>>> (Error code: ssl_error_no_cypher_overlap)
>>>>>
>>>>>
>>>>> Looking in the James logs files I found this stack walkback in the
>>>>> connections log file - (I am guessing it is related?)
>>>>>
>>>>> marc@bigbang:/james/james-2.3.2/apps/james/logs> cat
>>>>> connections-2011-07-17-21-52.log
>>>>> 17/07/11 21:54:16 ERROR connections: Error handling connection
>>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>>> javax.crypto.SunJCE_b
>>>>> at javax.crypto.Cipher.getInstance(DashoA13*..)
>>>>> at java.security.Signature$Delegate.newInstance(Signature.java:932)
>>>>> at
>> java.security.Signature$Delegate.chooseProvider(Signature.java:1032)
>>>>> at
>> java.security.Signature$Delegate.engineInitSign(Signature.java:1106)
>>>>> at java.security.Signature.initSign(Signature.java:498)
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.RSASignature.engineInitSign(RSASignature.java:108)
>>
>>>>>
>>>>>
>>>>> at java.security.Signature$Delegate.init(Signature.java:1076)
>>>>> at
>> java.security.Signature$Delegate.chooseProvider(Signature.java:1033)
>>>>> at
>> java.security.Signature$Delegate.engineInitSign(Signature.java:1106)
>>>>> at java.security.Signature.initSign(Signature.java:498)
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(HandshakeMessage.java:721)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:678)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:151)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>>
>>>>>
>>>>> at
>>>>>
>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>>>>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>>>>> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278)
>>>>> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
>>>>> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
>>>>> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
>>>>> at java.io.PrintWriter.flush(PrintWriter.java:276)
>>>>> at
>>>>>
>> org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:92)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:189)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:274)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:432)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> org.apache.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:55)
>>
>>>>>
>>>>>
>>>>> at
>>>>>
>> org.apache.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:116)
>>>>>
>>>>> I didn't change any of the James configuration files, so anyone
>> got any
>>>>> ideas about what has gone wrong and what I have to do to fix?
>> Going back
>>>>> to the openJDK_X64 runtime environment would be a real PITA...
>>>>>
>>>>> Marc...
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>
>>>>
>>>>
>>
>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOJeRbAAoJECBbzNW7hzr4n8kH/0HIfydxGY6E3DAsRwvRP6je
PTnTHsj1eqgoarAtJC/PsZ40Y6ZaCfoEA9cwH6G/XNVZCWsfoOnwfk1cBKuYPG/P
0q8zKJcV3wswvX/bm1LQQX1DrNUtQ5FzTu26d8DFV5kZrwGa5+nXi+DgLeY/7aVj
I6vcgKdS8AlCgNBvrUY6VrhJflBL169rBnA1h0j7kfMjlPlmZUOArl86qjGQb9oP
fbzHHATh8QMcvjvq24g44Aw+B5w0DsFWtPexyVYiwrUNOQffrUWw1WiYmA/C7dWA
UFScDzwSLzpprgdaC/dO+d7V8ObWCW7IC6AMA/7cAa17uFFi0eFqeVoWwDhJXQ8=
=RK+W
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org