Date: 2004-07-01T09:30:54
Editor: 83.103.20.56 <>
Wiki: Apache James Wiki
Page: UsingSSL
URL: http://wiki.apache.org/james/UsingSSL

Supporting SSL with Mozilla 1.7 client through the addition of other providers

Change Log:

------------------------------------------------------------------------------
@@ -152,8 +152,29 @@ === Mail Client Setup === -''MS Outlook 2000'': +==== MS Outlook 2000 ==== In the "Advanced" tab of the account setup check the '''"This server requires a secure connection (SSL)"''' checkboxes, and set the port numbers to the appropriate values. Warning: while the POP3 checkbox will automatically change the port number from 110 to 995, the SMTP checkbox will keep the port number as 25; you must manually set it to 465. + +==== Mozilla 1.7 ==== +Go to "Edit/Mail & Newsgroups Accounts Settings" menu, choose you account, enter in "Server Settings". Check the "Use secure connection (SSL)" box; "995" will be choosen as the default port: don't change it. +Next, in the same panel, choose the "Outgoing Server (SMTP)" entry and select the SSL radio button (not the TLS ones); "465" will be choosen as the default port: don't change it. + +With Mozilla a problem can now occur: you can get a "mysmtp.mydomain.com has received an incorrect or unexpected message. Error Code: -12229" error, with a related set of "java.security.NoSuchAlgorithmException: Could not create cipher AES/128" message in the pop3server log. This is not a bug in James: it simply arises because Mozilla tries by default to use some cryptographic algorithms not provided as a standard in the Java VM (at least - in my knowledge - not in the Sun JRE 1.4.2). A solution on the client side would be to tell Mozilla not to use the unsupported algorithms; a much better solution is to have the JVM used by James support such algorithms - see the section ''Supporting More Security Algorithms'' below. + +---- + +=== Supporting More Security Algorithms === + +Some cryptographic algorithms not provided as a standard in the Java VM (at least - in my knowledge - not in the Sun JRE 1.4.2) may be needed by some Mail Clients, for example by Mozilla 1.7. + +The solution is to add other ''security providers''. 
Here follow the steps to add the ''Legion of the Bouncy Castle'' provider, assuming a Sun JRE 1.4.2 installation under Windows: + + 1. Download the appropriate bcprov-jdkxx-yyy.jar from [http://www.bouncycastle.org/latest_releases.html] (where xx is the jdk release and yyy is the Bouncy Castle release - bcprov-jdk14-124.jar is the current one for JRE 1.4.x at the beginning of July 2004). + 2. Put the jar in the {james}\lib directory (warning: not in the {james}\apps\james\SAR-INF\lib directory!). + 3. Edit the {Program Files}\Java\j2re1.4.2\lib\security\java.security file, adding a '''security.provider.''n''=org.bouncycastle.jce.provider.BouncyCastleProvider''' line to the other ''security.provider'' lines, where ''n'' is the preference order. + 4. Restart James, and Mozilla will work with SSL! + +You could play with the preference order above to get the best performance. ----
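
Review bot: Step 3 of the new "Supporting More Security Algorithms" section leaves ''n'' open, and the closing line invites readers to "play with the preference order", but the file being edited is the JRE-wide java.security, so the choice affects every Java application using that JRE and not only James. Suggest telling readers to append the Bouncy Castle line with the next unused number after the existing security.provider entries (the numbering has to stay consecutive, and a low ''n'' makes Bouncy Castle the preferred implementation even for algorithms the Sun providers already supply), and to drop or qualify the performance remark. Step 1 fetches the jar over plain http with no integrity check; a sentence asking readers to verify the download against a checksum or signature, where the project publishes one, would help. Step 2 warns against {james}\apps\james\SAR-INF\lib without saying why; one clause of explanation would keep readers from "fixing" it later. Minor: "choose you account" should read "choose your account", "choosen" should read "chosen" (both occurrences), and the sentence "not provided as a standard in the Java VM (at least - in my knowledge - not in the Sun JRE 1.4.2)" appears in both the Mozilla 1.7 section and the new section, so one of them could simply point to the other.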