email Port- Webmethod 9.8

,
1

Hi All,

We have the email port up and running with the email user and password which was working with no issues.

Recently our network team has migrated the email box to o365 and since then we are unable to enable the port. Not sure if something related to TLS causing the issue.

We already have the following properties set for TLS-
watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=tls

Error:

Failed to start EmailListener:imap:_wmtymetrix_qa@outlook.office365.com: [ISS.0070.9003] Enable failed: Could not log into account _wmtymetrix_qa@outlook.office365.com

Any help will be highly appreciated as this is impacting our production.

2

Just for an update - we are getting below error while enabling the port-

Failed to start EmailListener:imaps:_wmtymetrix_qa@ebay.com@outlook.office365.com: Unsupported ciphersuite SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA

3

Here are you trying to enable an HTTPS port and getting this error?

Can you also please make sure this cipher suite you are trying to enable is supported and or any typo or syntax as it says unsupported one in the list?

HTH,
RMG

4

Thanks RMG for replying.

I am trying to enable the port - Security->Port->Add Port->Email

Where do we need to specify the cipher list?

5

Hi,

there are properties available in the extended settings dealing with cipher suites similar to these:

watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=tls

Check in IS Admin under Settings → Extended → Show and hide keys.

See IS Administration Guide for details.

Regards,
Holger

6

Hi Holger,

These properties are already set in the extended setting. It seems we are getting the error specific for
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA

Might be this cipher is not supported by the TLS, due to which it is causing the issue.

We have also disabled the SSLv3 at the JVM level.

Thanks
Amit

7

By default Email port used Entrust library and most likely you are getting issue on using that library. Try to use JSE library and try again.
You may enable JSE library from watt properties globally.

8

Also you may check PIE-19157 from IS read me.

IMAP email listener does not start. This issue occurs when an IMAP e-mail port is configured to receive requests from an e-mail server that uses NTLM for authentication. With this configuration, the following error is returned when the port is enabled:
“Failed to start EmailListener:imap: @: [ISS.0070.9003] Enable failed: Could not log into account @” To resolve this issue, do one of the following:
If you want to disable NTLM authentication, follow these steps: 1. Open custom_wrapper.conf located under / profiles/IS_default/configuration directory. 2. Add the following property: wrapper.java.additional.n=-Dmail.imap.auth.ntlm.disable=true where n is the next unused sequential number in the file. 3. Restart Integration Server. Note that this behavior is consistent with the past releases of Integration Server. If you want to enable NTLM authentication, follow these steps: 1. Download jcifs-1.3.15.jar file from Index of /src into the <IntegrationServer_directory>/instances//lib/jars or <IntegrationServer_directory>/lib/jars directory. 2. Restart Integration Server.

9

Hi,

for all jars not directly delivered by SAG I would recommend to place them under lib/jars/custom instead of lib/jars.

This makes it easier to identify the jars which have been added manually to IS over those pre-delivered during installlation.

Regards,
Holger