Hello Ralf,
Did you put the SunJCE provider jars in the <james>/lib directory (*not* in the <james>/apps/james/SAR-INF/lib)? The james classloader loads from there, not from the jre/lib. The jre/lib/security/java.security registration entry obviously must be in place, but the jars must be in the above-mentioned library.
As another option/example, have a look at the current branch_2_1_fcs in SVN: you find three BouncyCastle jars already in <james>/lib (they are needed - because of SMIME support - by the SMIMESign mailet); the registration is automatically done (statically) by org.apache.james.security.KeyHolder when loaded by org.apache.james.transport.mailets.SMIMESign - if such mailet is referenced in config.xml. You may otherwise register org.bouncycastle.jce.provider.BouncyCastleProvider in jre/lib/security/java.security.
Let me know,
Vincenzo
P.S. I'm posting this mail also to the server-dev list as it may be of interest to others.
Ralf Hauser wrote:
Vincenzo,
You had shown some interest in secure james services in http://issues.apache.org/jira/browse/JAMES-301 . Now, I am trying to get james2.2.0 working with JDK1.5 and I get strange errors when using TLS/SSL with the pop3server:
a) When accessing with outlook, it dies with "bad handshake record MAC" (Stacktrace below PS 1)
b) When accessing it with thunderbird, it dies with "DiffieHellman KeyPairGenerator not available" (Stacktrace in PS 2)
I noticed that the SunJCE provider is not registered in java.security.Security despite being put into the jre/lib/security/java.security file, but manually doing this in the pop3server.init() results in: Reason: java.lang.NoClassDefFoundError: com/sun/crypto/provider/SunJCE). Reading http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#InstallProvider didn't really
Any idea what happens? (or might the swallowed parts of the Stacktrace reveal more - how can I get them printed in full?)
Many thanks for any hints in advance!
Ralf
PS 1: and with outlook and jdk1.5 and jam2.2.0, I get
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: bad handshake record MAC
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.read(BufferedReader.java:157)
    at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
    at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
    at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
    at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
Caused by: javax.net.ssl.SSLHandshakeException: bad handshake record MAC
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1438)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:778)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:236)
    at java.io.PrintWriter.flush(PrintWriter.java:270)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
    at java.io.PrintWriter.flush(PrintWriter.java:270)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
    ... 3 more
DEBUG [default Worker #11] (JamesPOP3Handler.java:269) - socket.getLocalPort(): 2995, remoteIP: 81.63.33.47, remoteHost: 47.33.63.81.cust.bluewin.ch
DEBUG [default Worker #11] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.read(BufferedReader.java:157)
    at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
    at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
    at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
    at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:739)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:236)
    at java.io.PrintWriter.flush(PrintWriter.java:270)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
    ... 3 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:321)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
    ... 16 more
PS 2)
DEBUG [default Worker #7] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.read(BufferedReader.java:157)
    at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
    at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
    at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
    at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:236)
    at java.io.PrintWriter.flush(PrintWriter.java:270)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
    at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
    at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
    ... 3 more
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.getEphemeralDHKeys(ServerHandshaker.java:132)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:699)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:633)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    ... 13 more
Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available
    at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:169)
    at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:121)
    ... 24 more
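
A diagnostic for the situation discussed in this thread, added here as an example (it is not code from the thread or from James): it lists the JCE providers registered in the running JVM, checks whether the SunJCE and BouncyCastle provider classes named above are visible to the calling classloader, and tests for the DiffieHellman KeyPairGenerator that the PS 2 trace reports missing. The class name JceProviderCheck is hypothetical, and the result only reflects what James sees if the checks are invoked from code running under the server's own classloader.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

// Hypothetical helper class, not part of James or of the original mails.
public class JceProviderCheck {

    // True if the class can be found by the given loader (without initializing it).
    static boolean isLoadable(String className, ClassLoader loader) {
        try {
            Class.forName(className, false, loader);
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        } catch (LinkageError e) { // includes NoClassDefFoundError
            return false;
        }
    }

    // True if any registered provider offers a KeyPairGenerator for the algorithm.
    static boolean hasKeyPairGenerator(String algorithm) {
        try {
            KeyPairGenerator.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = JceProviderCheck.class.getClassLoader();
        }
        // Providers in preference order, as registered via java.security or addProvider().
        for (Provider p : Security.getProviders()) {
            System.out.println("registered: " + p.getName() + " (" + p.getClass().getName() + ")");
        }
        // The two provider classes named in the thread.
        String[] classes = {
            "com.sun.crypto.provider.SunJCE",
            "org.bouncycastle.jce.provider.BouncyCastleProvider"
        };
        for (String cn : classes) {
            System.out.println(cn + " loadable: " + isLoadable(cn, loader));
        }
        System.out.println("DiffieHellman KeyPairGenerator available: "
                + hasKeyPairGenerator("DiffieHellman"));
    }
}
```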
