Не решено Ошибка после перезапуска почтового сервера

lonertin

Почетный гость

В офисе стоит почтовый сервер! Он моментами тупит и падает сеть.(в офисе у всех почтовый клиент Zimbra) Рестартнули, у всех всё хорошо кроме меня. Вылетает такая ошибка, как фиксить умельцы?

Текст ошибки:

Сообщение отладки: DH ServerKeyExchange does not comply to algorithm constraints
Исключение:

com.zimbra.common.service.ServiceException: error while proxying request to target server: DH ServerKeyExchange does not comply to algorithm constraints
ExceptionId:btpool0-5:1676539234109:c67be2653e1cdf0a
Code:service.PROXY_ERROR Arg:(url, STR, "https://192.168.1.10/service/soap/")
at com.zimbra.common.service.ServiceException.PROXY_ERROR(ServiceException.java:318)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:705)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:652)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:647)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:640)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:636)
at com.zimbra.cs.mailbox.ZcsMailbox.getAuthToken(ZcsMailbox.java:177)
at com.zimbra.cs.account.offline.OfflineProvisioning.getProxyAuthToken(OfflineProvisioning.java:2766)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:230)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:217)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:988)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: javax.net.ssl.SSLHandshakeException: DH ServerKeyExchange does not comply to algorithm constraints
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeConsumer.consume(Unknown Source)
at sun.security.ssl.ServerKeyExchange$ServerKeyExchangeConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90)
at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:243)
at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:164)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:407)
at com.zimbra.common.soap.SoapTransport.invokeWithoutSession(SoapTransport.java:393)
at com.zimbra.cs.mailbox.ZcsMailbox.sendRequest(ZcsMailbox.java:690)
... 32 more
 
А сервер то какой и на чем ? Zimbra? Судя по ошибкам - ругань на сертификат и алгоритм шифрования. Копайте в эту сторону
 
1. Check "java.security" config for DH key size to see if it's configured as below.jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
2. If yes, then check "security.useSystemPropertiesFile" is set to true in the same file above.
3. If the answer for step2 is yes, please go to "/etc/crypto-policies/back-ends/java.conf" and replace "jdk.tls.disabledAlgorithms=DH Keysize < 2048" with "jdk.tls.disabledAlgorithms=DH Keysize < 1024"
4. Restart the runtime
 
Может обновиться ? Какие ОС используются и версии ПО ?
 
А сервер то какой и на чем ? Zimbra? Судя по ошибкам - ругань на сертификат и алгоритм шифрования. Копайте в эту сторону
Я честно сказать не многое в этом понимаю. Вроде на Linuxе работает. А сервер вот такой как на картинке rx 300 s3
fujitsu-siemens-primergy-rx300-s3-1.jpg
 
Назад
Верх