Article Number
000068197
Applies To
SecurID Governance & Lifecycle 7.5.2 P03 on IBM WebSphere
Issue
When SecurID Governance & Lifecycle 7.5.2 P03, deployed on IBM WebSphere 8.5.5.21, is configured to use the IMAPS protocol (default port 993) for the Approval Email Server, the following exception appears in the logs:
javax.mail.MessagingException: Could not connect to message store for imaps://username@imaps-server.hostname:993;
nested exception is:
javax.mail.MessagingException: Remote host terminated the handshake;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:651)
at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.checkForMail(MailboxMonitorThread.java:178)
at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.run(MailboxMonitorThread.java:46)
Caused by: javax.mail.MessagingException: Remote host terminated the handshake;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:625)
... 2 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at com.ibm.jsse2.bj.a(bj.java:18)
at com.ibm.jsse2.bj.b(bj.java:1)
at com.ibm.jsse2.bj.f(bj.java:427)
at com.ibm.jsse2.bj.a(bj.java:406)
at com.ibm.jsse2.bj.startHandshake(bj.java:160)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:354)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:237)
at com.sun.mail.iap.Protocol.<init>(Protocol.java:116)
at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:115)
at com.sun.mail.imap.IMAPStore.newIMAPProtocol(IMAPStore.java:685)
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:636)
... 6 more
An inspection of the TCP network traffic capture data shows a connection being attempted using TLSv1.0.
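The capture inspection described above can also be done programmatically. The following is an added example, not part of the original article or the product's code: it parses a ClientHello record exported from a capture and reports the highest TLS version the client offers. The function names are illustrative and the sample records are constructed.

```python
import struct

# TLS protocol version numbers as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def offered_tls_version(record: bytes) -> str:
    """Return the highest protocol version offered in a ClientHello record."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    body = record[5:5 + rec_len]
    if not body or body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    best = struct.unpack_from("!H", hello, 0)[0]         # legacy client_version
    pos = 2 + 32                                         # skip version and random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    if pos + 2 <= len(hello):                            # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 0x002B and data:              # supported_versions
                listed = [struct.unpack_from("!H", data, i)[0]
                          for i in range(1, 1 + data[0], 2)]
                # Unknown (GREASE) values are skipped; the list overrides client_version.
                best = max((v for v in listed if v in VERSIONS), default=best)
            pos += 4 + ext_len
    return VERSIONS.get(best, hex(best))

def build_client_hello(client_version: int, extensions: bytes = b"") -> bytes:
    """Build a minimal ClientHello record (constructed sample data, not a real capture)."""
    hello = struct.pack("!H", client_version) + bytes(32) + b"\x00"  # version, random, empty session_id
    hello += struct.pack("!H", 2) + b"\x00\x2f" + b"\x01\x00"        # one cipher suite, null compression
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

# Constructed samples: a TLSv1.0-only client (the failing case in this article)
# and a client that lists TLSv1.3 and TLSv1.2 in supported_versions.
TLS10_HELLO = build_client_hello(0x0301)
TLS13_HELLO = build_client_hello(0x0303, struct.pack("!HH", 0x002B, 5) + b"\x04\x03\x04\x03\x03")

if __name__ == "__main__":
    print(offered_tls_version(TLS10_HELLO), offered_tls_version(TLS13_HELLO))
```

A result of TLSv1.0 for the application server's ClientHello matches the failure described here; after the resolution below is applied, the same check on a new capture should report TLSv1.2.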
Cause
The mail server and/or a network firewall is configured to only allow TLS v1.2 connections, and any connection attempts using TLS v1.0 are refused/terminated.
Resolution
On the IBM WebSphere server hosting the SecurID Governance & Lifecycle application, configure the following JVM argument:
mail.imaps.ssl.protocols=TLSv1.2
Note: The JVM argument can be added in the WebSphere console: click Servers > Server types > WebSphere application servers > Select server > select the server used for SecurID Governance & Lifecycle > Configuration tab > select Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Java Virtual Machine > Generic JVM Arguments.