[jira] [Created] (JAMES-3394) javax.net.ssl.SSLException: Session has no PSK

Tue, 29 Sep 2020 20:36:23 -0700 

Benoit Tellier created JAMES-3394:
-------------------------------------

             Summary: javax.net.ssl.SSLException: Session has no PSK
                 Key: JAMES-3394
                 URL: https://issues.apache.org/jira/browse/JAMES-3394
             Project: James Server
          Issue Type: Bug
          Components: guice
            Reporter: Benoit Tellier


# Problem

Some IMAP logs show up while running some guice packaged servers :

```
{
  "_index": "logs-james-linagora-2020.09.22",
  "_type": "tester",
  "_id": "3x-ctHQBdqSpI3q1UsUM",
  "_score": 1,
  "_source": {
    "@timestamp": "2020-09-22T06:59:37.350+0000",
    "message": "Error while processing imap request",
    "protocol": "IMAP",
    "ip": "92.103.166.6",
    "sessionId": "SID-iguvrgdzkgjk",
    "user": "Optional.empty",
    "host": "86684a70d81d",
    "severity": "WARN",
    "thread": "imapserver-executor-143",
    "logger": "org.apache.james.imapserver.netty.ImapChannelUpstreamHandler"
  },
  "fields": {
    "@timestamp": [
      "2020-09-22T06:59:37.350Z"
    ]
  }
}
```

Stacktrace:

```
        javax.net.ssl.SSLException: Session has no PSK
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.PreSharedKeyExtension.checkBinder(Unknown 
Source)
        at 
java.base/sun.security.ssl.PreSharedKeyExtension$CHPreSharedKeyUpdate.consume(Unknown
 Source)
        at java.base/sun.security.ssl.SSLExtension.consumeOnTrade(Unknown 
Source)
        at java.base/sun.security.ssl.SSLExtensions.consumeOnTrade(Unknown 
Source)
        at 
java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown 
Source)
        at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source)
        at 
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown
 Source)
        at 
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown 
Source)
        at 
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown
 Source)
        at 
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown 
Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at 
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown
 Source)
        at 
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown
 Source)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown 
Source)
        at 
org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
        at 
org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at 
org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
        at 
org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at 
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at 
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at 
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at 
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at 
org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
        at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at 
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown 
Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown 
Source)
        at java.base/java.lang.Thread.run(Unknown Source)
```

## References

A quick google search leads to: 
https://devnet.logianalytics.com/hc/en-us/articles/360049257694-How-to-Resolve-the-Error-javax-net-ssl-SSLException-Session-has-no-PSK-

```
-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
```

This, is worth investivation!

# Definition of done

Specify the appropriate value for the `jdk.tls.client.protocols` docker 
packaging.

Expactation: Once deployed on production instances, the `Session has no PSK` 
logs disappear.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to