|
James 1.2.1 - Using TLS |
This document explains how to enable JAMES 1.2.1 to use Transport Layer
Security (TLS), i.e. SSL.
|
Obtain JSSE |
Obtain JSSE source from java.sun.com. Follow their installation directions.
We assume that you install JSSE as a standard extension, with a static
provider definition. (See the notes with the JSSE distribution.)
Note that the US export restrictions still apply to JSSE
(at version 1.0.2), so while both the international and domestic versions
offer the same level of crypto, the international version does not take
alternative providers.
|
Enable TLS |
To use JAMES with TLS, you need to do three things over and above the
normal operation of James:
- In Avalon.conf.xml, uncomment the TLS listener definition.
- In JAMES.conf.xml, uncomment the <useTLS>TRUE</useTLS> element
for the service you want to use TLS. It is currently available for
the remote manager and POP3. (If using POP3 over TLS, it is probably best
to change the port to 995, which is the IANA-designated POP3S port.)
- Ensure that avalonTestKeys is in the conf directory. You may need
to manually extract this from the Avalon.jar (with: jar xvf Avalon.jar
conf/avalonTestKeys). Note that this is a self-signed certificate for
test purposes only. You can specify a different server certificate in
the Avalon.conf.xml file.
Then start James.
|
Verify TLS-enabled JAMES |
(Positive Test) Use an SSL client to open a socket to the appropriate port.
I used openssl from www.openssl.org to test this,
e.g. openssl s_client -connect localhost:4555. You should see the normal
remote manager or POP3 server greeting and have normal operation.
- If, using openssl s_client, you get a connection refused (error no. 111),
just try again. This probably means you got to the port before it
was ready.
(Negative Test) telnet to port 4555 (i.e. without SSL). This should hang the
telnet client. It should also lock port 4555 until the connection times out,
I think.
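Both tests above can also be scripted. The following is an added example, not part of the original James documentation; the function names are hypothetical, and it assumes only the localhost:4555 remote manager port used in the text.

```python
import hashlib
import socket
import ssl

def probe_tls(host, port, timeout=5.0):
    """Positive test: complete a TLS handshake, then read the greeting."""
    ctx = ssl.create_default_context()
    # The bundled avalonTestKeys certificate is self-signed, so chain and
    # hostname checks are switched off for this test only. The fingerprint
    # is recorded so a later certificate swap is visible.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                greeting = tls.recv(512).decode("ascii", "replace").strip()
                return {"tls": True, "protocol": tls.version(),
                        "cert_sha256": hashlib.sha256(der).hexdigest(),
                        "greeting": greeting}
    except OSError as exc:
        # Covers handshake failure, timeout and "connection refused"
        # (error 111: the listener is not ready yet, so try again).
        return {"tls": False, "error": type(exc).__name__}

def probe_plaintext(host, port, timeout=3.0):
    """Negative test: a plaintext client must not be given a greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "no-greeting"   # client hangs: expected on a TLS port
        except ConnectionError:
            return "closed"
    return "plaintext-greeting" if data else "closed"

def tls_only(host, port):
    """True only when the positive test passes and the negative test hangs."""
    # TLS probe runs first: a plaintext client may tie up the port.
    return (probe_tls(host, port)["tls"]
            and probe_plaintext(host, port) == "no-greeting")

if __name__ == "__main__":
    # 4555 is the remote manager port used in the text above.
    print(probe_tls("localhost", 4555))
    print(probe_plaintext("localhost", 4555))
```

A "plaintext-greeting" result means the service is still answering without TLS, so the useTLS element for that service is not in effect.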