📈 Marketplace❓ Support❤️ Feedback🏠 META-INF Apps

JAVA security provider changes

When the JAVA security provider changes, some unexpected errors might be experienced on the pages, where passwords are stored, and/or e-mail processing may be stopped.

JAVA security provider in Email This Issue

In some cases, Email This Issue stores sensitive information, e.g., passwords for mail accounts. In these cases, the data is stored in encrypted form. To store (and use) this data, security providers are used. When this provider changes in JAVA, the earlier stored encrypted values can be invalidated.

Changing the Security Provider

The security provider can be updated either manually or automatically:

  • Manual Change: If you choose to update the security provider manually, it is assumed that you are familiar with the necessary steps and the potential impact.

  • Automatic Change: The security provider may also change automatically in certain scenarios, such as when upgrading the Java version or implementing security-related configurations (e.g., enabling FIPS mode).

Symptoms

  • Some pages, like Outgoing -and Incoming Mail Connections, are not loading correctly

  • In the logs, similar entries like the below example can appear:

/rest/jeti/1.0/admin/outgoing-mail-connection; user: admin ERROR admin 423x376x2 jdcqso 172.26.0.1 /rest/jeti/1.0/admin/outgoing-mail-connection [c.m.j.p.e.mailserver.outgoing.ServerOutgoingConnectionRepository] Error decrypting password
java.lang.SecurityException: java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 4 bytes long

How to fix it

If any of the issues mentioned above are encountered, they can be easily resolved. Simply navigate to the pages where the Mail Connection details are stored, enter the password fields again, and save the data. This will overwrite the existing information, ensuring it's updated with the new security provider.

How to avoid this issue

Avoiding this issue requires additional administrative steps, and it may not always be worth the effort, so careful consideration is recommended before proceeding.

A custom security provider can be set up, or the order of built-in providers used by Java can be customized. It is recommended to use one of the built-in providers, preferably a FIPS-compatible one. To achieve this, a custom java.security file needs to be created, and the java.security.properties option should be configured. For further guidance on how to do this, refer to the pages linked below.

PreviousTop-level menu navigationNextServer to Cloud - Manual migration guide for Email This Issue

Last updated

Was this helpful?