4 Replies Latest reply: Mar 27, 2012 2:00 PM by Bill Shannon-Oracle RSS

    NoSuchAlgorithmException under win server 2003, but not 2008

    920242
      I have a strange error, I can reproduce but which I can't quite figure out the cause or solution to.

      vitals: javamail 1.4.4, Windows Server 2003, JBoss.

      So, I have a pretty large stack trace I won't include (yet), but it starts with a NoSuchAlgorithmException. This is tripped when I send an email to gmail servers using TLS or SSL encryption. Exact same EAR on Windows Server 2008, works fine.

      Please read that again: using the same EAR & the same parameters to send the email under 2008, it gets where it needs fine. So, I'm pretty sure I have the ports/smtp server/etc nailed.

      Have looked into a lot of possibilities, nothing has panned out.

      Solution would be great, direction or thoughts would be enough.

      Thanks in advance,
      Colin
        • 1. Re: NoSuchAlgorithmException under win server 2003, but not 2008
          Bill Shannon-Oracle
          It looks like there's a difference in the security configuration of the two machines.
          Are you using the same JDK version on both machines? It looks like one of the
          machines isn't trusting the Gmail server's certificate. Possibly the different app
          server instances have configured the trust store differently?
          • 2. Re: NoSuchAlgorithmException under win server 2003, but not 2008
            jtahlborn
            what algorithm? is it possible that the jre on one machine has the unrestricted security policy jars (e.g. US policy) and the other doesn't?
            • 3. Re: NoSuchAlgorithmException under win server 2003, but not 2008
              920242
              both machines do have the same jdk. our application installs everything it needs, and then uses that version.

              and it definitely seems like either it's not trusting something it's getting from the gmail servers, or it's unable to understand what it's getting. snippet of stack trace below. why might that be happening in 2003 and not in 2008?

              also, i've looked at a couple of questions on stackoverflow (http://stackoverflow.com/questions/6365209/java-and-ssl-java-security-nosuchalgorithmexception), and i confirmed the policy files are the unlimited strength versions. not much luck.

              ---------------------------------
              javax.mail.MessagingException: Could not convert socket to TLS;
              nested exception is:
              java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
              at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
              at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
              at javax.mail.Service.connect(Service.java:317)
              at javax.mail.Service.connect(Service.java:176)
              at javax.mail.Service.connect(Service.java:125)
              at javax.mail.Transport.send0(Transport.java:194)
              at javax.mail.Transport.send(Transport.java:124)
              **** redacted ****
              .. 14 more
              Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 257
              at sun.security.x509.X509CertImpl.parse(Unknown Source)
              at sun.security.x509.X509CertImpl.<init>(Unknown Source)
              at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
              at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
              at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
              at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
              at java.security.KeyStore.load(Unknown Source)
              at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(Unknown Source)
              at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultTrustManager(Unknown Source)
              at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(Unknown Source)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
              at java.lang.reflect.Constructor.newInstance(Unknown Source)
              at java.lang.Class.newInstance0(Unknown Source)
              at java.lang.Class.newInstance(Unknown Source)
              ... 21 more
              ---------------------------------
              • 4. Re: NoSuchAlgorithmException under win server 2003, but not 2008
                Bill Shannon-Oracle
                Make sure they're actually using the JDK you installed.

                Also, check the JBoss configuration on the two machines. It could be overriding the JDK security configuration.