web stats
Email Reader Error: javax.net.ssl.SSLException: Unsupported record version Unknown - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #1  
Old 02-20-2015, 06:05 AM
jonjojr jonjojr is offline
What's HL7?
 
Join Date: Apr 2014
Posts: 2
jonjojr is on a distinguished road
Default Email Reader Error: javax.net.ssl.SSLException: Unsupported record version Unknown

Upgraded to version 3.1 and now my Email Reader channel is causing the below error every time I try to start the channel. In version 3.0 this channel was working fine.

Code:
ERROR (com.mirth.connect.server.channel.LoggingTaskHandler:24): com.mirth.connect.donkey.server.StartException: Failed to start channel EmailReader (f1b3b50f-f4ca-485a-bb5f-5d71ff7b2bb0).

	at com.mirth.connect.donkey.server.channel.Channel.start(Channel.java:677)

	at com.mirth.connect.server.controllers.DonkeyEngineController$ChannelStatusTask.execute(DonkeyEngineController.java:1357)

	at com.mirth.connect.server.channel.ChannelTask.call(ChannelTask.java:59)

	at com.mirth.connect.server.channel.ChannelTask.call(ChannelTask.java:16)

	at java.util.concurrent.FutureTask.run(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)
Caused by: com.mirth.connect.donkey.server.ConnectorTaskException: * BYE JavaMail Exception: javax.net.ssl.SSLException: Unsupported record version Unknown-11.23

	at com.mirth.connect.connectors.email.server.EmailReceiver.onStart(EmailReceiver.java:98)

	at com.mirth.connect.donkey.server.channel.SourceConnector.start(SourceConnector.java:108)

	at com.mirth.connect.donkey.server.channel.PollConnector.start(PollConnector.java:29)

	at com.mirth.connect.donkey.server.channel.Channel.start(Channel.java:653)

	... 7 more
Caused by: javax.mail.MessagingException: * BYE JavaMail Exception: javax.net.ssl.SSLException: Unsupported record version Unknown-11.23;
  nested exception is:

	com.sun.mail.iap.ProtocolException: * BYE JavaMail Exception: javax.net.ssl.SSLException: Unsupported record version Unknown-11.23

	at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670)

	at javax.mail.Service.connect(Service.java:345)

	at javax.mail.Service.connect(Service.java:226)

	at javax.mail.Service.connect(Service.java:246)

	at com.mirth.connect.connectors.email.server.EmailClient.connect(EmailClient.java:181)

	at com.mirth.connect.connectors.email.server.EmailReceiver.onStart(EmailReceiver.java:96)

	... 10 more
Caused by: com.sun.mail.iap.ProtocolException: * BYE JavaMail Exception: javax.net.ssl.SSLException: Unsupported record version Unknown-11.23

	at com.sun.mail.imap.protocol.IMAPProtocol.capability(IMAPProtocol.java:169)

	at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:123)

	at com.sun.mail.imap.IMAPStore.newIMAPProtocol(IMAPStore.java:689)

	at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:638)

Attached is an image of how the channel is configured.

Reply With Quote
  #2  
Old 02-20-2015, 07:12 AM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 7,119
narupley is on a distinguished road
Default

That is likely happening because of the protocols / cipher suites changes we made in 3.1.1, to prevent against the POODLE SSL vulnerability. We removed SSLv3 support, and explicitly added TLS v1.1 and v1.2 to client-side support. The latter was already happening in Java 8, but now MC will do the same even when running on Java 7.

It could be that your server only supports SSLv3, or it supports TLSv1.0 but does not implement forward compatibility correctly and refuses to talk to TLSv1.1 or TLSv1.2 clients.

The best solution is to go to whoever manages that mail server and tell them to come into the 21st century (literally, SSLv3 was released in 1996, and TLSv1.0 in 1999) and start supporting TLS v1.1 and 1.2.

You can try adding "SSLv3" to "https.client.protocols" in mirth.properties. If that doesn't work, try setting that property to just "TLSv1".

NOTE: Adding back SSLv3 will leave your server vulnerable to known attacks. Your server would no longer be considered "secure". Also note that any changes to the protocols / cipher suites affect all SSL connections across the entire server, not just your Email Reader connector.

It could also be that the handshake is trying to use an encryption key length outside the scope of what Java can perform by default. So one last thing you could try is adding the JCE unlimited strength policy files into your server Java installation. Search the web for those.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.

Last edited by narupley; 02-20-2015 at 07:25 AM.
Reply With Quote
  #3  
Old 02-20-2015, 08:32 AM
jonjojr jonjojr is offline
What's HL7?
 
Join Date: Apr 2014
Posts: 2
jonjojr is on a distinguished road
Default

Quote:
Originally Posted by narupley View Post
That is likely happening because of the protocols / cipher suites changes we made in 3.1.1, to prevent against the POODLE SSL vulnerability. We removed SSLv3 support, and explicitly added TLS v1.1 and v1.2 to client-side support. The latter was already happening in Java 8, but now MC will do the same even when running on Java 7.

It could be that your server only supports SSLv3, or it supports TLSv1.0 but does not implement forward compatibility correctly and refuses to talk to TLSv1.1 or TLSv1.2 clients.

The best solution is to go to whoever manages that mail server and tell them to come into the 21st century (literally, SSLv3 was released in 1996, and TLSv1.0 in 1999) and start supporting TLS v1.1 and 1.2.

You can try adding "SSLv3" to "https.client.protocols" in mirth.properties. If that doesn't work, try setting that property to just "TLSv1".

NOTE: Adding back SSLv3 will leave your server vulnerable to known attacks. Your server would no longer be considered "secure". Also note that any changes to the protocols / cipher suites affect all SSL connections across the entire server, not just your Email Reader connector.

It could also be that the handshake is trying to use an encryption key length outside the scope of what Java can perform by default. So one last thing you could try is adding the JCE unlimited strength policy files into your server Java installation. Search the web for those.
"tell them to come into the 21st century..."

I did that, but I think I stirred the pot with that statement. ooopps!! :-)

I'll keep you posted on the results.

Thanks for the quick response.
__________________
We can complain about it, or we can code it!
Reply With Quote
Reply

Tags
3.1, email, error, reader, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 09:49 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Mirth Corporation