<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements.  See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership.  The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied.  See the License for the
  specific language governing permissions and limitations
  under the License.    
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by Apache Maven Doxia at 2021-11-12 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Apache James Project &#x2013; Using TLS</title>
    <style type="text/css" media="all">
      @import url("../../css/james.css");
      @import url("../../css/maven-base.css");
      @import url("../../css/maven-theme.css");
      @import url("../../css/site.css");
      @import url("../../js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css");
      @import url("../../js/jquery/css/print.css");
      @import url("../../js/fancybox/jquery.fancybox-1.3.4.css");
    </style>
    <script type="text/javascript" src="../../js/jquery/js/jquery-1.4.2.min.js"></script>
    <script type="text/javascript" src="../../js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script>
    <script type="text/javascript" src="../../js/fancybox/jquery.fancybox-1.3.4.js"></script>
    <link rel="stylesheet" href="../../css/print.css" type="text/css" media="print" />
      <meta name="author" content="Charles Benett" />
    <meta name="Date-Revision-yyyymmdd" content="20211112" />
    <meta http-equiv="Content-Language" content="en" />
        
          <!-- Google Analytics -->
    <script type="text/javascript">
    
      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-1384591-1']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script').item(0); s.parentNode.insertBefore(ga, s);
      })();

    </script>
    </head>
  <body class="composite">
    <div id="banner">
                                      <a href="../../index.html" id="bannerLeft" title="james-logo.png">
              
                                                                            
        <img src="../../images/logos/james-logo.png" alt="James Project" />
                </a>
                              <a href="https://www.apache.org/index.html" id="bannerRight">
              
                                        
        <img src="images/logos/asf_logo_small.png" alt="The Apache Software Foundation" />
                </a>
            <div class="clear">
        <hr/>
      </div>
    </div>
    <div id="breadcrumbs">
            
                
                <div class="xleft">
        <span id="publishDate">Last Published: 2021-11-12</span>
                      </div>
            <div class="xright">                    <a href="../../index.html" title="Home">Home</a>
            |
                        <a href="../../documentation.html" title="James">James</a>
            |
                        <a href="../../mime4j/index.html" title="Mime4J">Mime4J</a>
            |
                        <a href="../../jsieve/index.html" title="jSieve">jSieve</a>
            |
                        <a href="../../jspf/index.html" title="jSPF">jSPF</a>
            |
                        <a href="../../jdkim/index.html" title="jDKIM">jDKIM</a>
              
                
      </div>
      <div class="clear">
        <hr/>
      </div>
    </div>
    <div id="leftColumn">
      <div id="navcolumn">
             
                
                                <h5>James components</h5>
                  <ul>
                                                                                                                                                                                                                    <li class="collapsed">
                          <a href="../../documentation.html" title="About James">About James</a>
                  </li>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  <li class="collapsed">
                          <a href="../../server/index.html" title="Server">Server</a>
                  </li>
                                                                                                                                                                                                                                                                          <li class="collapsed">
                          <a href="../../mailet/index.html" title="Mailets">Mailets</a>
                  </li>
                                                                                                                                                                                                                                                                                      <li class="collapsed">
                          <a href="../../mailbox/index.html" title="Mailbox">Mailbox</a>
                  </li>
                                                                                                                                                                                <li class="collapsed">
                          <a href="../../protocols/index.html" title="Protocols">Protocols</a>
                  </li>
                                                                                                                                                                                      <li class="collapsed">
                          <a href="../../mpt/index.html" title="MPT">MPT</a>
                  </li>
          </ul>
        <h5>Apache Software Foundation</h5>
  <ul>
    <li>
      <strong>
        <a title="ASF" href="http://www.apache.org/">ASF</a>
      </strong>
    </li>
    <li>
      <a title="Get Involved" href="http://www.apache.org/foundation/getinvolved.html">Get Involved</a>
    </li>
    <li>
      <a title="FAQ" href="http://www.apache.org/foundation/faq.html">FAQ</a>
    </li>
    <li>
      <a title="License" href="http://www.apache.org/licenses/" >License</a>
    </li>
    <li>
      <a title="Sponsorship" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
    </li>
    <li>
      <a title="Thanks" href="http://www.apache.org/foundation/thanks.html">Thanks</a>
    </li>
    <li>
      <a title="Security" href="http://www.apache.org/security/">Security</a>
    </li>
  </ul>
                       <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
        <img class="poweredBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
      </a>
                   
                
            </div>
    </div>
    <div id="bodyColumn">
      <div id="contentBox">
        

 

<section>
<h2><a name="James_1.2.1_-_Using_TLS"></a>James 1.2.1 - Using TLS</h2>

  
<p>
    This document explains how to enable JAMES 1.2.1 to use Transport Layer
    Security (TLS) (ie SSL).
  </p>
</section>

<section>
<h2><a name="Obtain_JSSE"></a>Obtain JSSE</h2>

  
<p>
    Obtain JSSE source from java.sun.com. Follow their installation directions.
    We assume that you install JSSE as a standard extension, with a static
    provider definition. (See notes with JSSE distribution)
  </p>
  
<p>
    Note that the US export restrictions still apply to JSSE
    (at version 1.0.2), so while both the international and domestic versions
    offer the same level of crypto, the international version does not take
    alternative providers.
  </p>

</section>

<section>
<h2><a name="Enable_TLS"></a>Enable TLS</h2>

  
<p>
    Using JAMES with TLS. You need to do three things over and above the
    normal operation of James: 
    </p>
<ul>
      
<li>In Avalon.conf.xml, uncomment the TLS listener defintion.</li>
      
<li>In JAMES.conf.xml, uncomment the &lt;useTLS&gt;TRUE&lt;/useTLS&gt; element
        for the service you want to use TLS. It is currently available for
        remote manager and POP3. (If using POP3 over TLS, it is probably best
        to change port to 995, which is the IANA designated POP3S port).</li>
      
<li> Ensure that avalonTestKeys is in the conf directory. You may need
        to manually extract this from the Avalon.jar (with: jar xvf Avalon.jar
        conf/avalonTestKeys). Note that this is a self-signed certificate for
        test purposes only. You can specify a different server certificate in
        the Avalon.conf.xml file.</li>
    </ul>
  
  
<p>
    Start James
  </p>
</section>

<section>
<h2><a name="Verify_TLS-enabled_JAMES"></a>Verify TLS-enabled JAMES</h2>
  
<p>
    (Positive Test) Use an SSL client to open a socket to the appropriate port.
    I used openssl from www.openssl.org to test this.
    E.g. openssl s_client -connect localhost:4555. You should see the normal
    remote manager or POP3 server greeting and have normal  operation. 
    <br />
      - If, using openssl s_client, you get a connection refused/ error no
      111, just try again. This probably means you got to the port before it
      was ready.
    </br>
 </p>
  
<p>
   (Negative Test) telnet to port 4555 (ie without SSL). This should hang the
   telnet client. It should also lock port 4555 until the connection times out,
   I think.
  </p>
</section>



      </div>
    </div>
    <div class="clear">
      <hr/>
    </div>
    <div id="footer">
      <div class="xright">Copyright &#169;                    2006-2021
                        <a href="https://www.apache.org/">The Apache Software Foundation</a>.
            All Rights Reserved.      
                
      </div>
      <div class="clear">
        <hr/>
      </div>
    </div>
  </body>
</html>
