Cisco Bug: CSCur35932 - Envelope Encrypt application doesn't support TLS for internal keyserver

Last Modified

Sep 15, 2016

Known Affected Releases

6.5.6.1-01

Description (partial)

Symptom:
If the HTTPS connection listener of an IEA is configured to use TLS only (SSLv3 disabled), you may encounter the following exception in the mailserver.log when attempting to encrypt a registered envelope:

2014-10-21 12:00:00,803 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail1413909964777-5) PostXEnvelopeSender: Exception Logged: 
com.postx.keyserver.KeyServerException: Failed to Update Keystore
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(EnvelopeBuilder.java:7790)
       at com.postx.evp.builder.EnvelopeBuilder.buildEnvelopeHelper(EnvelopeBuilder.java:6448)
       at com.postx.evp.builder.EnvelopeBuilder.buildEnvelope(EnvelopeBuilder.java:6040)
       at com.postx.james.transport.mailets.PostXEnvelopeSender.buildMessage(PostXEnvelopeSender.java:2172)
       at com.postx.james.transport.mailets.PostXEnvelopeSender.realDeliver(PostXEnvelopeSender.java:3274)
       at com.postx.james.transport.mailets.PostXEnvelopeSender.deliver(PostXEnvelopeSender.java:2436)
       at com.postx.james.transport.mailets.PostXEnvelopeSender.run(PostXEnvelopeSender.java:4356)
       at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
       at java.io.BufferedOutputStream.flush(Unknown Source)
       at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
       at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
       at com.postx.comm.http.HttpConnectionApache.execute(HttpConnectionApache.java:293)
       at com.postx.comm.KeyServerClient.sendRequest(KeyServerClient.java:274)
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(EnvelopeBuilder.java:7713)
       ... 7 more

Conditions:
This issue occurs when using an Envelope Encrypt type application as a Registered Envelope, if the 'Key Server Internal URL' uses HTTPS.
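
A log-triage sketch for the symptom above, added here as an example and not Cisco's code: it scans mailserver.log text for "Failed to Update Keystore" entries whose root cause is the TLS handshake_failure alert, separating them from keystore failures with other causes. The function names and the second sample entry are constructed; the log layout is assumed from the excerpt above.

```python
import re

# Entry start, as in the excerpt: "<date> <time>,<ms> LEVEL  [logger] (thread) message"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+\[[^\]]+\]\s+\(([^)]+)\)")
CAUSE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")

def split_entries(log_text):
    """Group each timestamped line with the stack-trace lines that follow it."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "thread": m.group(2), "lines": [line]})
        elif entries and line.strip():
            entries[-1]["lines"].append(line.strip())
    return entries

def keyserver_tls_failures(log_text):
    """Return keystore-update failures whose root cause is a TLS handshake alert."""
    hits = []
    for e in split_entries(log_text):
        body = e["lines"]
        if not any("KeyServerException: Failed to Update Keystore" in l for l in body):
            continue
        causes = [m.groups() for m in map(CAUSE.match, body) if m]
        if not causes:
            continue
        root_class, root_msg = causes[-1]  # the last "Caused by" is the root cause
        if root_class.endswith("SSLHandshakeException") and "handshake_failure" in (root_msg or ""):
            hits.append({"time": e["time"], "thread": e["thread"],
                         "via_keyserver_client": any("KeyServerClient.sendRequest" in l for l in body)})
    return hits

# Constructed sample: the first entry is abridged from the trace above,
# the second (connection refused) is invented to show a non-TLS cause being skipped.
SAMPLE = """\
2014-10-21 12:00:00,803 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail1413909964777-5) PostXEnvelopeSender: Exception Logged:
com.postx.keyserver.KeyServerException: Failed to Update Keystore
       at com.postx.evp.builder.EnvelopeBuilder.updateKeystore(EnvelopeBuilder.java:7790)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
       at com.postx.comm.KeyServerClient.sendRequest(KeyServerClient.java:274)
2014-10-21 12:05:00,000 INFO  [com.postx.james.transport.mailets.PostXEnvelopeSender] (Mail0000000000000-1) PostXEnvelopeSender: Exception Logged:
com.postx.keyserver.KeyServerException: Failed to Update Keystore
Caused by: java.net.ConnectException: Connection refused
"""

if __name__ == "__main__":
    for hit in keyserver_tls_failures(SAMPLE):
        print(hit)
```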