Cisco Bug: CSCur35932 - Envelope Encrypt application doesn't support TLS for internal keyserver

Last Modified

Sep 15, 2016

Products (1)

  • Cisco Email Encryption

Known Affected Releases

Description (partial)

If the HTTPS connection listener of an IEA is configured to use TLS only (SSLv3 disabled), you may encounter the following exception in mailserver.log when attempting to encrypt a registered envelope:

2014-10-21 12:00:00,803 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail1413909964777-5) PostXEnvelopeSender: Exception Logged: 
com.postx.keyserver.KeyServerException: Failed to Update Keystore
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(
       at com.postx.evp.builder.EnvelopeBuilder.buildEnvelopeHelper(
       at com.postx.evp.builder.EnvelopeBuilder.buildEnvelope(
       at com.postx.james.transport.mailets.PostXEnvelopeSender.buildMessage(
       at com.postx.james.transport.mailets.PostXEnvelopeSender.realDeliver(
       at com.postx.james.transport.mailets.PostXEnvelopeSender.deliver(
       at Source)
Caused by: Received fatal alert: handshake_failure
       at Source)
       at Source)
       at Source)
       at Source)
       at Source)
       at Source)
       at Source)
       at Source)
       at Source)
       at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(
       at org.apache.commons.httpclient.HttpMethodBase.execute(
       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
       at org.apache.commons.httpclient.HttpClient.executeMethod(
       at org.apache.commons.httpclient.HttpClient.executeMethod(
       at com.postx.comm.http.HttpConnectionApache.execute(
       at com.postx.comm.KeyServerClient.sendRequest(
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(
       ... 7 more

This issue occurs when using an Envelope Encrypt type application as a Registered Envelope, if the 'Key Server Internal URL' uses HTTPS.
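
A log check for the signature described above, as an added example that is not Cisco's code: it groups each mailserver.log entry with its stack trace and reports PostXEnvelopeSender entries where "Failed to Update Keystore" is caused by a TLS handshake_failure. The entry layout is assumed from the excerpt on this page; the function names and the second sample entry are constructed.

```python
import re

# Entry header assumed from the page's excerpt: "date time,ms LEVEL  [logger] ..."
ENTRY_START = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(\w+)\s+\[([^\]]+)\]")

# Constructed sample: the first entry is abridged from the page, the second is
# invented to show a keystore failure that is not a TLS negotiation problem.
SAMPLE_LOG = """\
2014-10-21 12:00:00,803 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail1413909964777-5) PostXEnvelopeSender: Exception Logged:
com.postx.keyserver.KeyServerException: Failed to Update Keystore
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(
Caused by: Received fatal alert: handshake_failure
       at com.postx.comm.KeyServerClient.sendRequest(
2014-10-21 12:05:10,100 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail-constructed-2) PostXEnvelopeSender: Exception Logged:
com.postx.keyserver.KeyServerException: Failed to Update Keystore
Caused by: Connection refused
"""

def split_entries(text):
    """Attach continuation lines (exception text, 'at ...' frames) to their entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"time": m.group(1), "logger": m.group(3), "lines": [line]})
        elif entries:
            entries[-1]["lines"].append(line)
    return entries

def find_keyserver_tls_failures(text):
    """Return entries matching this bug: keystore update failed on a TLS handshake."""
    hits = []
    for entry in split_entries(text):
        body = "\n".join(entry["lines"])
        if not entry["logger"].endswith("PostXEnvelopeSender"):
            continue
        if "KeyServerException: Failed to Update Keystore" not in body:
            continue
        # Check every link of the cause chain, not only the first one.
        causes = re.findall(r"^Caused by: (.*)$", body, re.M)
        tls = [c.strip() for c in causes if "handshake_failure" in c]
        if tls:
            hits.append({"time": entry["time"], "cause": tls[0],
                         "via_keyserver_client": "KeyServerClient.sendRequest" in body})
    return hits

if __name__ == "__main__":
    for hit in find_keyserver_tls_failures(SAMPLE_LOG):
        print(hit)
```
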
Bug details contain sensitive information and therefore require an account to be viewed.
