  1. James Server
  2. JAMES-3394

javax.net.ssl.SSLException: Session has no PSK

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • guice
    • None

    Description

      1. Problem

      Some IMAP logs show up while running some guice packaged servers:

      ```
      {
        "_index": "logs-james-linagora-2020.09.22",
        "_type": "tester",
        "_id": "3x-ctHQBdqSpI3q1UsUM",
        "_score": 1,
        "_source": {
          "@timestamp": "2020-09-22T06:59:37.350+0000",
          "message": "Error while processing imap request",
          "protocol": "IMAP",
          "ip": "92.103.166.6",
          "sessionId": "SID-iguvrgdzkgjk",
          "user": "Optional.empty",
          "host": "86684a70d81d",
          "severity": "WARN",
          "thread": "imapserver-executor-143",
          "logger": "org.apache.james.imapserver.netty.ImapChannelUpstreamHandler"
        },
        "fields": {
          "@timestamp": [ "2020-09-22T06:59:37.350Z" ]
        }
      }
      ```

      Stacktrace:

      ```
      javax.net.ssl.SSLException: Session has no PSK
      at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
      at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
      at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      at java.base/sun.security.ssl.PreSharedKeyExtension.checkBinder(Unknown Source)
      at java.base/sun.security.ssl.PreSharedKeyExtension$CHPreSharedKeyUpdate.consume(Unknown Source)
      at java.base/sun.security.ssl.SSLExtension.consumeOnTrade(Unknown Source)
      at java.base/sun.security.ssl.SSLExtensions.consumeOnTrade(Unknown Source)
      at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown Source)
      at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source)
      at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown Source)
      at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source)
      at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
      at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
      at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
      at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
      at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
      at java.base/java.security.AccessController.doPrivileged(Native Method)
      at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
      at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)
      at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)
      at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
      at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
      at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
      at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
      at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
      at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
      at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
      at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
      at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
      at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
      at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
      at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
      at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
      at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
      at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.base/java.lang.Thread.run(Unknown Source)
      ```

      1. References

      A quick Google search leads to: https://devnet.logianalytics.com/hc/en-us/articles/360049257694-How-to-Resolve-the-Error-javax-net-ssl-SSLException-Session-has-no-PSK-

      ```
      -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
      ```

      This is worth investigation!

      1. Definition of done

      Specify the appropriate value for `jdk.tls.client.protocols` in the docker packaging.

      Expectation: Once deployed on production instances, the `Session has no PSK` logs disappear.
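
One way to check the expectation above against exported log records, as an added example that is not part of the original issue or of the James code base: it counts `Session has no PSK` failures per UTC day and host, and after a given deployment time. The `stack_trace` field name, the sample records and the deployment time are assumptions; the other field names follow the record shown in the issue.

```python
from collections import Counter
from datetime import datetime, timezone

IMAP_LOGGER = "org.apache.james.imapserver.netty.ImapChannelUpstreamHandler"
PSK_MARKER = "javax.net.ssl.SSLException: Session has no PSK"
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # e.g. 2020-09-22T06:59:37.350+0000

def utc_time(hit):
    """Parse the record's @timestamp and normalise it to UTC."""
    ts = datetime.strptime(hit["_source"]["@timestamp"], TS_FORMAT)
    return ts.astimezone(timezone.utc)

def is_psk_error(hit):
    """True for an IMAP handler WARN whose trace names the PSK failure."""
    src = hit.get("_source", {})
    # "stack_trace" is an assumed field name: the record in the issue does
    # not show which field carries the exception text.
    return (src.get("logger") == IMAP_LOGGER
            and src.get("severity") == "WARN"
            and PSK_MARKER in src.get("stack_trace", ""))

def psk_errors_by_day(hits):
    """Count PSK handshake failures per (UTC day, host)."""
    return Counter((utc_time(h).date().isoformat(), h["_source"].get("host", "?"))
                   for h in hits if is_psk_error(h))

def psk_errors_since(hits, deployed_at):
    """Number of PSK failures logged at or after the deployment time."""
    return sum(1 for h in hits if is_psk_error(h) and utc_time(h) >= deployed_at)

def make_hit(ts, host, trace):
    """Build a constructed record using the field names of the issue's sample."""
    return {"_source": {"@timestamp": ts, "host": host, "severity": "WARN",
                        "protocol": "IMAP", "logger": IMAP_LOGGER,
                        "stack_trace": trace}}

# Constructed sample records (not real production data).
SAMPLE_HITS = [
    make_hit("2020-09-22T06:59:37.350+0000", "host-a", PSK_MARKER + "\n\tat ..."),
    make_hit("2020-09-22T07:10:02.118+0000", "host-a", PSK_MARKER + "\n\tat ..."),
    make_hit("2020-09-23T09:00:00.000+0000", "host-a", "java.io.IOException: reset"),
    make_hit("2020-09-24T01:30:00.000+0200", "host-b", PSK_MARKER + "\n\tat ..."),
]
DEPLOYED_AT = datetime(2020, 9, 23, 12, 0, tzinfo=timezone.utc)  # assumed

if __name__ == "__main__":
    print(dict(psk_errors_by_day(SAMPLE_HITS)))
    print("after deployment:", psk_errors_since(SAMPLE_HITS, DEPLOYED_AT))
```

A non-zero count after the deployment time means the expectation is not yet met on the hosts listed in the per-day breakdown.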

          People

            Unassigned Unassigned
            btellier Benoit Tellier