Discussion:
launching SMTP over SSL.
Denis Navitaniuk
2003-05-23 15:02:13 UTC
Could anybody describe what shall I do to launch SMTP over SSL.
I use jdk141 and Outlook as mail server.

Or, tell me what is incorrect in the following:

1. Made new certificate:
keytool -genkey ...
keytool -selfcert ...

2. Configured the SMTP service
<smtpserver enabled="true">
<port>25</port>
<useTLS>true</useTLS>
...
3. Configured socket
<factory name="ssl"
class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
<keystore>
<file>conf/keystore</file>
<password>storepass</password>
<type>JKS</type>
<protocol>SSLv3</protocol>
<algorithm>SunX509</algorithm>
<authenticate-client>false</authenticate-client>
</keystore>
</factory>

4. In IE:
[Tools->Internet Options...->Advanced->Security] checked "Use SSL 3.0"
and uncheck "Use SSL 2.0"

Thanks in advance.
Denis Navitaniuk
2003-05-23 15:26:06 UTC
forgot to mention:

When sending messages from outlook, I receive timeout

Task 'TEZT LOCALHOZT - Sending' reported error (0x8004210B) : 'The
operation timed out waiting for a response from the sending (SMTP)
server. If you continue to receive this message, contact your server
administrator or Internet service provider (ISP).'

In James logs I see;
23/05/03 18:20:30 INFO smtpserver: Connection from myhost(myIP)
23/05/03 18:21:32 DEBUG smtpserver: Sent: 220 myMailServer SMTP Server
(JAMES SMTP Server 2.1.3) ready Fri, 23 May 2003 18:20:30 +0300 (EEST)
23/05/03 18:21:32 DEBUG smtpserver: Calling start()
23/05/03 18:21:32 DEBUG smtpserver: Calling stop() for inactive watchdog
23/05/03 18:21:32 DEBUG smtpserver: Closing socket.
23/05/03 18:21:32 DEBUG smtpserver: Calling disposeWatchdog() for
inactive watchdog
23/05/03 18:21:32 DEBUG smtpserver: Returning SMTPHandler to pool.
23/05/03 18:21:32 DEBUG smtpserver: Returning a
org.apache.james.smtpserver.SMTPHandler to the pool
Vincenzo Gianferrari Pini
2003-05-23 15:25:13 UTC
Denis,

In my (working quite well) system I have two differences:

1) I have <protocol>TLS</protocol> instead of <protocol>SSLv3</protocol>

2) I'm using a different service for ssl/tls, using a port different from 25, that must continue to be used for non ssl, as James can not share the same port (?):
<smtpserver-tls enabled="true">
<!-- port 465 is the well-known/IANA registered port for SMTPS -->
<port>465</port>

<useTLS>true</useTLS>
...
</smtpserver-tls>

This second service must be declared in assembly.xml, so I added:

<block name="smtpserver-tls" class="org.apache.james.smtpserver.SMTPServer" >
<provide name="James" role="org.apache.mailet.MailetContext"/>
<provide name="mailstore" role="org.apache.james.services.MailStore"/>
<provide name="users-store" role="org.apache.james.services.UsersStore"/>
<provide name="sockets"
role="org.apache.avalon.cornerstone.services.sockets.SocketManager"/>
<provide name="connections"
role="org.apache.avalon.cornerstone.services.connection.ConnectionManager"/>
<provide name="James" role="org.apache.james.services.MailServer"/>
<provide name="thread-manager"
role="org.apache.avalon.cornerstone.services.threads.ThreadManager" />
</block>

3) I checked "Use SSL 3.0" but did *not* check "Use SSL 2.0" (I don't know if it matters).

For pop3 using ssl I did equivalent things.

I hope it helps,

Vincenzo
Denis Navitaniuk
2003-05-23 16:08:09 UTC
Hi, Vincenzo!

No changes :(

Do u use jdk141 without installing JSSE separately?
Did u make a simple self-signed untrusted certificate?
Vincenzo Gianferrari Pini
2003-05-23 16:09:21 UTC
1) I'm using jdk140, with embedded JSSE.

2) I'm using a trusted certificate from Thawte. But if I remember well, I think that I made before that some tests with my own self signed certificate, but I'm not sure.

3) If you changed to port 465, check if your firewall allows it.

Vincenzo
Emmanuel Gilmont
2003-05-23 20:10:07 UTC
Hi Denis,

Maybe I'm wrong but if I remember myself, I did some test with Outlook some
weeks ago... I don't know if Outlook can handle SSL/TLS negotiation. If I
remember, it can only do normal connection over port 110 for pop and 25 for
SMTP. Hint: try another mail client to see if it's Outlook or your James
implementation. E.g., test if you can reach James with openssl.

Another trick: if you configure James to use SSL/TLS on port 465 for SMTP,
nobody, aka normal mail server, will be able to send you any mail.

In fact, quite all mail servers use port 25 to exchange mail between them.

What I did? I configure James to use port 25 (normal SMTP) and 110 (normal
POP). On behalf of James, I wrote a small proxy in Java which does the
encryption. So, I can reach James with or without SSL/TLS, depending on my
situation :)

Hope it helps you a bit in your quest of secure mail ;-)

Emmanuel

ps: my proxy is gpl-ed ;-)

Noel J. Bergman
2003-05-23 21:08:57 UTC
Post by Emmanuel Gilmont
Another trick: if you configure James to use SSL/TLS on port 465 for SMTP,
nobody, aka normal mail server, will be able to sent you any mail.
You may have missed the fact that you can configure multiple SMTP services
on different ports.

--- Noel
Emmanuel Gilmont
2003-05-23 21:24:51 UTC
yep :-(

i'm very very very sorry for this mistake....(shame on me)
Denis Navitaniuk
2003-05-26 12:59:10 UTC
Hi, Emmanuel!

Could you please tell me where I can find your library and the
description of how you integrated it with James?
Thanks in advance.
Denis.
Emmanuel Gilmont
2003-05-27 11:47:21 UTC
First, it's (the proxy) not merged with James, it's only another Java process
which runs on its own beside James.

Second, I think it would be much better to have multiple instances of a
particular service inside James. As Noel said, it's possible to have 2 or
more, e.g., smtp processes on different ports in James. Personally, I missed
that point.

So, if someone can tell us how to have, e.g. 2 smtp processes, one with port 25
and nothing special, and another with port 465 + SSL/TLS + auth; it will be
great.

Thanks all,
Emmanuel

ps: if it doesn't work, send me a mail and I'll post the code for the proxy.

Denis Navitaniuk
2003-05-28 14:33:23 UTC
Hello, Emmanuel!

I configured 2 smtp services (one on port 25 without TLS, and another on
port 465 with TLS as was described in Vincenzo's mail) and POP3 (on port
995 using TLS).

I can only work with configuration Secured POP3/Unsecured SMTP.

One observation:
I opened a SSLServerSocket using the same certfile (file with
certificate as for James) from small java program, set it on port 465
and tried to send a message. Mail client was waiting about a minute,
while the "server" (my java prog) was blocked on "is.read()" function
where "is" is an input stream obtained from connected client socket.
I stopped the mail client and obtained the following stack trace in java
program:

javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at TRIALSSLServerSocket.main(TRIALSSLServerSocket.java:39)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)

Any ideas?
Can you post your code and describe how did u create your certificate,
please?
Thanks in advance.
Denis.

Ivens Porto
2003-05-26 18:26:24 UTC
Post by Emmanuel Gilmont
Hi Denis,
Maybe I'm wrong but if I remember myself, I did some test with Outlook some
weeks ago... I don't know if Outlook can handle SSL/TLS negociation. If I
remember, it can only do normal connection over port 110 for pop and 25 for
SMTP. Hint: try another mail client to see if it's Outlook or your James
implementation. E.g., test if you can reach James with openssl.
I'm having the same problem.

POP3 with TLS works ok, but I can't send e-mail using SMTP with TLS.

Using openssl I was able to open a TLS connection to the SMTP port and
talk to the server, but when using Mozilla 1.3 I can't send mail.

I used Ethereal to try to see what was happening; when connecting with
Mozilla to the SMTP port the only thing that happens is the normal TCP
handshake (SYN, SYN-ACK, ACK), nothing else happens.
--
Ivens Porto
OSE - Open Systems Engineering
http://www.ose.com.br
Phone: (55) 34 - 3214-5995
Fax: (55) 34 - 3214-5994
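
Denis's SSLServerSocket test blocking in is.read() and the Ethereal capture above showing only the TCP handshake both describe a connection on which neither side speaks first. The following Java example is added here (it is not code from the thread or from James; the class name, the port argument and the sample bytes are assumptions, and it targets a current JDK): it listens on a plain loopback socket and reports whether the client opens with a ClientHello or stays silent waiting for a 220 banner.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;

// Added example (not from the thread): report what a mail client sends first.
public class FirstBytesProbe {

    /** Classify the first n bytes received from a client (n == 0 means nothing arrived). */
    static String classify(byte[] b, int n) {
        if (n <= 0) {
            return "silent: client is waiting for the server to speak first (220 banner), as in plain SMTP";
        }
        if (n >= 3 && b[0] == 0x16 && b[1] == 0x03) {
            return "SSLv3/TLS ClientHello: client starts the handshake immediately";
        }
        if (n >= 3 && (b[0] & 0x80) != 0 && b[2] == 0x01) {
            return "SSLv2-format ClientHello: client starts the handshake immediately";
        }
        String verb = new String(b, 0, Math.min(n, 4), StandardCharsets.US_ASCII);
        if (verb.equalsIgnoreCase("EHLO") || verb.equalsIgnoreCase("HELO")) {
            return "plain SMTP command sent without waiting for a banner";
        }
        return "unrecognised first bytes";
    }

    /** Accept one connection and wait up to waitMillis for the client to speak first. */
    static String observe(ServerSocket server, int waitMillis) throws IOException {
        try (Socket client = server.accept()) {
            client.setSoTimeout(waitMillis);
            byte[] buf = new byte[16];
            InputStream in = client.getInputStream();
            try {
                int n = in.read(buf);
                if (n < 0) {
                    return "client closed the connection without sending anything";
                }
                return classify(buf, n);
            } catch (SocketTimeoutException e) {
                return classify(buf, 0);   // nothing arrived within the wait
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a TLS record header plus handshake type, and an SMTP verb.
        byte[] hello = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01};
        byte[] ehlo = "EHLO client.example\r\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println(classify(hello, hello.length));
        System.out.println(classify(ehlo, ehlo.length));
        if (args.length == 0) {
            return;                        // offline run: samples only
        }
        int port = Integer.parseInt(args[0]);   // test port chosen by the operator
        try (ServerSocket server = new ServerSocket(port, 1, InetAddress.getLoopbackAddress())) {
            System.out.println("listening on 127.0.0.1:" + port);
            System.out.println(observe(server, 10_000));
        }
    }
}
```

A "silent" result against a listener that wraps the socket in TLS from the first byte means both ends wait on each other until one times out.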
Denis Navitaniuk
2003-05-26 12:56:43 UTC
Hi, Vincenzo!

I configured POP3 to use SSL as for smtpserver-tls.
During connecting to server (at localhost) I saw in logs:

26/05/03 13:17:53 DEBUG pop3server: Calling start()
26/05/03 13:17:53 ERROR pop3server: Exception during connection from
myhost (myIP) : Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:307)
at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:462)
at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:80)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:230)
at java.io.PrintWriter.flush(PrintWriter.java:120)
at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:131)
at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:228)
at org.apache.james.pop3server.POP3Handler.handleConnection(POP3Handler.java:304)
... 3 more


I changed the
org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory from
cornerstone.jar. Added

if (serversocket instanceof SSLServerSocket) {
    SSLServerSocket sslserversocket = (SSLServerSocket) serversocket;
    sslserversocket.setEnabledCipherSuites(sslserversocket.getSupportedCipherSuites());
    sslserversocket.setNeedClientAuth(false);
}

in method "createServerSocket" and POP3Server starts.
However, SMTP server was working as before (doesn't work).

Any thoughts?

Could you please re-verify if your james is working with ordinary
non-trusted certificate?
Thanks in advance.
Denis.
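
getSupportedCipherSuites() also returns suites that JSSE leaves disabled by default, including anonymous (`_anon_`) and unencrypted (`_NULL_`) ones, so enabling the whole list as in the patch above can let a handshake complete without the keystore certificate being used. The following Java example is added here (it is not Denis's or Cornerstone's code; the class name and the sample list are constructed, and it targets a current JDK): it enables only the supported suites that authenticate the server and encrypt.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (not from the thread): enable supported suites minus the unprotected ones.
public class AuthenticatedSuites {

    /** True for suites with no server authentication, no encryption, or export-grade keys. */
    static boolean isExcluded(String suite) {
        return suite.contains("_anon_")      // anonymous key exchange: no certificate involved
            || suite.contains("_NULL_")      // integrity only, payload sent in clear
            || suite.contains("_EXPORT_");   // 40-bit export-grade keys
    }

    /** Keep the order JSSE reported, dropping the excluded suites. */
    static String[] withoutExcluded(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String suite : supported) {
            if (!isExcluded(suite)) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of JSSE suite names, used to show what the filter removes.
        String[] sample = {
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_DH_anon_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_NULL_MD5",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        };
        for (String suite : sample) {
            System.out.println((isExcluded(suite) ? "drop  " : "keep  ") + suite);
        }

        // Same filter applied to a real (unbound) server socket instead of enabling everything.
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket()) {
            socket.setEnabledCipherSuites(withoutExcluded(socket.getSupportedCipherSuites()));
            socket.setNeedClientAuth(false);
            System.out.println(socket.getEnabledCipherSuites().length + " suites enabled");
        }
    }
}
```

If "no cipher suites in common" returns once the anonymous suites are filtered out, the remaining mismatch is between the key in the keystore and the suites the client offers.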
Vincenzo Gianferrari Pini
2003-05-24 12:27:08 UTC
Post by Emmanuel Gilmont
Maybe I'm wrong but if I remember myself, I did some test with
Outlook some
weeks ago... I don't know if Outlook can handle SSL/TLS negociation. If I
remember, it can only do normal connection over port 110 for pop
and 25 for
SMTP. Hint: try another mail client to see if it's Outlook or your James
implementation. E.g., test if you can reach James with openssl.
I use Outlook and it works perfectly with James and SSL/TLS.

Vincenzo