# JAVA security provider changes ## **JAVA security provider in Email This Issue** In some cases, Email This Issue stores sensitive information, e.g., passwords for mail accounts. In these cases, the data is stored in encrypted form. To store (and use) this data, security providers are used.\ When this provider changes in JAVA, the earlier stored encrypted values can be invalidated. ## **Changing the Security Provider** The security provider can be updated either manually or automatically: * **Manual Change**: If you choose to update the security provider manually, it is assumed that you are familiar with the necessary steps and the potential impact. * **Automatic Change**: The security provider may also change automatically in certain scenarios, such as when upgrading the Java version or implementing security-related configurations (e.g., enabling FIPS mode). ## Symptoms * Some pages, like Outgoing -and Incoming Mail Connections, are not loading correctly * In the logs, similar entries like the below example can appear: ``` /rest/jeti/1.0/admin/outgoing-mail-connection; user: admin ERROR admin 423x376x2 jdcqso 172.26.0.1 /rest/jeti/1.0/admin/outgoing-mail-connection [c.m.j.p.e.mailserver.outgoing.ServerOutgoingConnectionRepository] Error decrypting password java.lang.SecurityException: java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 4 bytes long ``` ## How to fix it If any of the issues mentioned above are encountered, they can be easily resolved. Simply navigate to the pages where the Mail Connection details are stored, enter the password fields again, and save the data. This will overwrite the existing information, ensuring it's updated with the new security provider. ## How to avoid this issue Avoiding this issue requires additional administrative steps, and it may not always be worth the effort, so careful consideration is recommended before proceeding. A custom security provider can be set up, or the order of built-in providers used by Java can be customized. It is recommended to use one of the built-in providers, preferably a FIPS-compatible one. To achieve this, a custom `java.security` file needs to be created, and the `java.security.properties` option should be configured. For further guidance on how to do this, refer to the pages linked below. * * --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.meta-inf.hu/email-this-issue/email-this-issue-for-jira-server-data-center/documentation/java-security-provider-changes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.