JAVA security provider changes
When the JAVA security provider changes, some unexpected errors might be experienced on the pages, where passwords are stored, and/or e-mail processing may be stopped.
JAVA security provider in Email This Issue
In some cases, Email This Issue stores sensitive information, e.g., passwords for mail accounts. In these cases, the data is stored in encrypted form. To store (and use) this data, security providers are used. When this provider changes in JAVA, the earlier stored encrypted values can be invalidated.
Changing the Security Provider
The security provider can be updated either manually or automatically:
Manual Change: If you choose to update the security provider manually, it is assumed that you are familiar with the necessary steps and the potential impact.
Automatic Change: The security provider may also change automatically in certain scenarios, such as when upgrading the Java version or implementing security-related configurations (e.g., enabling FIPS mode).
Symptoms
Some pages, like Outgoing -and Incoming Mail Connections, are not loading correctly
In the logs, similar entries like the below example can appear:
/rest/jeti/1.0/admin/outgoing-mail-connection; user: admin ERROR admin 423x376x2 jdcqso 172.26.0.1 /rest/jeti/1.0/admin/outgoing-mail-connection [c.m.j.p.e.mailserver.outgoing.ServerOutgoingConnectionRepository] Error decrypting password
java.lang.SecurityException: java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 4 bytes long
How to fix it
If any of the issues mentioned above are encountered, they can be easily resolved. Simply navigate to the pages where the Mail Connection details are stored, enter the password fields again, and save the data. This will overwrite the existing information, ensuring it's updated with the new security provider.
How to avoid this issue
Avoiding this issue requires additional administrative steps, and it may not always be worth the effort, so careful consideration is recommended before proceeding.
A custom security provider can be set up, or the order of built-in providers used by Java can be customized. It is recommended to use one of the built-in providers, preferably a FIPS-compatible one. To achieve this, a custom java.security
file needs to be created, and the java.security.properties
option should be configured. For further guidance on how to do this, refer to the pages linked below.
Last updated
Was this helpful?