James Server / JAMES-301

Pop3 TLS and Thunderbird 0.7 do not go together

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 3.0-M1, 3.0.0
    • Component/s: James Core
    • Labels:
      None
    • Environment:
      windows thunderbird 0.7 client
      rh9 james <pop3server enabled="true"> <useTLS>true</useTLS>

      Description

      2004-06-25 14:59:47,686 DEBUG POP3Handler - socket.getLocalPort(): 2995, remoteIP: 62.167.85.87, remoteHost: adsl-62-167-85-87.adslplus.ch
      2004-06-25 14:59:48,408 DEBUG POP3Handler - Connection has been shutdown: javax.net.ssl.SSLException: Algorithm missing:
      javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Algorithm missing:
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
      at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
      at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
      at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
      at java.io.InputStreamReader.read(InputStreamReader.java:167)
      at java.io.BufferedReader.fill(BufferedReader.java:136)
      at java.io.BufferedReader.readLine(BufferedReader.java:299)
      at java.io.BufferedReader.readLine(BufferedReader.java:362)
      at org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:332)
      at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:462)
      at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
      at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:80)
      Caused by: javax.net.ssl.SSLException: Algorithm missing:
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.m(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
      at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
      at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
      at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
      at java.io.BufferedWriter.flush(BufferedWriter.java:230)
      at java.io.PrintWriter.flush(PrintWriter.java:120)
      at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:131)
      at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:228)
      at org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:329)
      ... 3 more
      Caused by: java.security.NoSuchAlgorithmException: Could not create cipher AES/128
      at com.sun.net.ssl.internal.ssl.CipherBox$JCECipherBox.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_h.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.CipherSuite$BulkCipher.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.b(DashoA6275)
      ... 18 more
      Caused by: java.security.NoSuchAlgorithmException: No implementation for AES/CBC/NoPadding found
      at com.sun.net.ssl.internal.ssl.SunJSSE_i.d(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SunJSSE_i.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.CipherBox$JCECipherBox.<init>(DashoA6275)
      ... 22 more

      see also: http://forum.java.sun.com/thread.jsp?forum=2&thread=525590&tstart=15&trange=15

      Or will we have to wait for JDK 1.5? (http://jroller.com/page/eu/20031225#new_kind_of_jce_providers) On the other hand, the problem appears to be 2 years old: http://jce.iaik.tugraz.at/mailarchive/iaik-ssl/msg00864.html

      see also: http://jce.iaik.tugraz.at/products/15_PKCS11_Provider/Features.php (AES section) and http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html

        Activity

        Ralf Hauser created issue -
        Ralf Hauser added a comment -

        posted it also in the thunderbird community
        http://forums.mozillazine.org/viewtopic.php?t=90756

        Ralf Hauser added a comment -

        same happens with Mozilla 1.6

        Error Message: "smtp.yourdomain.ch has received an incorrect or unexpected message. Error Code: -12229"

        posted to them as well: http://bugzilla.mozilla.org/show_bug.cgi?id=249223

        Ralf Hauser added a comment -

        it seems that http://marc.theaimsgroup.com/?l=james-user&m=108870045516713&w=2 and http://wiki.apache.org/james/UsingSSL#head-251f2f813dfb6c9ab9266a348f8d417b9fa6dce8 are the answer - I'll report if that fixes it for me

        Ralf Hauser added a comment -

        copying "bcprov-jdk14-1*.jar" into ${env.JAVA_HOME}/jre/lib/ext (as per ant's build.xml) might resolve the problem for more than just james...

        But anyway, Vincenzo Gianferrari Pini [vincenzo.gianferraripini@praxis.it] got it working with James 2.2.0RC5.

        So far, I couldn't get it to work with
        > java version "1.4.2_04"
        > Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)
        > Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode)
        > James 2.1.3
        No matter whether I put
        security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider

        in position 1, 2, or 6

        I still get Caused by: java.security.NoSuchAlgorithmException: Could not create cipher AES/128

        Only when I comment out all other providers, I get
        java.security.KeyStoreException: JKS not found

        The same happened for bcprov-jdk14-121.jar and bcprov-jdk14-124.jar .

        Any hint how to find out what is wrong?
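
One way to answer the question above, as an added example that is not part of the original thread or of James: a small diagnostic that lists the registered JCE providers in preference order, shows which one (if any) serves AES/CBC/NoPadding, and compares that with the AES cipher suites the TLS stack offers. The class name JceAesCheck is hypothetical, and the code assumes a current JDK (Java 7 or later) rather than the 1.4.2 runtime in the report.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLContext;

/** Added diagnostic (hypothetical class name): which JCE provider, if any, backs the AES cipher TLS needs. */
public class JceAesCheck {

    /** Name of the provider that would serve the transformation, or null if none is registered. */
    static String providerFor(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return null; // the condition behind "No implementation for AES/CBC/NoPadding found"
        }
    }

    /** Cipher suites of the default SSLContext whose name contains the given token. */
    static List<String> suitesContaining(String token) throws NoSuchAlgorithmException {
        List<String> hits = new ArrayList<>();
        for (String suite : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            if (suite.contains(token)) hits.add(suite);
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Providers in preference order, as set by security.provider.N in java.security
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            boolean hasAes = providers[i].getService("Cipher", "AES") != null;
            System.out.printf("%2d %-20s Cipher.AES=%b%n", i + 1, providers[i].getName(), hasAes);
        }
        String t = "AES/CBC/NoPadding";
        String served = providerFor(t);
        System.out.println(t + " -> " + (served == null ? "NOT AVAILABLE" : served));
        List<String> aesSuites = suitesContaining("_AES_");
        System.out.println(aesSuites.size() + " AES cipher suites offered by the TLS stack");
        if (served == null && !aesSuites.isEmpty()) {
            System.out.println("Mismatch: TLS can negotiate AES suites but no JCE provider implements the cipher");
        }
    }
}
```

Run it with the same JVM, java.security file and classpath as the server, so the provider list matches what the TLS code sees.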

        Ralf Hauser added a comment -

        finally, I got it to work also with 2.1.3

        The solution was:
        add <include name="bcprov-jdk14-124.jar"/>

        to the sar task in the sar target of build.xml

        so, I guess this issue can be closed!

        Ralf Hauser added a comment -

        plus in the init() of POP3Server.java

        I needed to add

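        // requires: import java.security.Security;
        //           import org.bouncycastle.jce.provider.BouncyCastleProvider;
        java.security.Provider bc = new BouncyCastleProvider();
        Security.addProvider(bc); // appended after the providers already registered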

        Vincenzo Gianferrari Pini added a comment -

        The solutions reported by Ralf Hauser are not of general usage because:
        1) Adding <include name="bcprov-jdk14-124.jar"/> to build.xml implies the usage of jdk14 (great idea but the decision is not yet done);
        2) Adding the code java.security.Provider bc = new BouncyCastleProvider() implies bundling the BouncyCastle jars (also a great idea but again the decision is not yet done).

        So the issue is still open.

        Ralf, but did you completely follow the steps outlined in http://wiki.apache.org/james/UsingSSL#head-251f2f813dfb6c9ab9266a348f8d417b9fa6dce8 (including putting the jars in the right place)?

        Ralf Hauser added a comment -

        when taking out the bc calls in POP3Server.initiate() and putting
        bcprov.jar not in lib but dist/james-2.1.3/lib, yet another variant:

        Mozilla says: <<Mozilla and host.domain.tld cannot communicate securely because they have no common encryption algorithms>>

        Norman Maurer added a comment -

        Problems should be fixed. If the problems pop up again we can reopen it.

        Norman Maurer made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 3.0 [ 10427 ]
        Fix Version/s Trunk [ 12312135 ]
        Resolution Fixed [ 1 ]
        Norman Maurer made changes -
        Fix Version/s 3.0-M1 [ 12314294 ]
        Fix Version/s Trunk [ 12312135 ]
        Mark Thomas made changes -
        Workflow jira [ 31927 ] Default workflow, editable Closed status [ 12566724 ]
        Mark Thomas made changes -
        Workflow Default workflow, editable Closed status [ 12566724 ] jira [ 12581742 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Ralf Hauser