SSLException: No PSK available. Unable to resume.

  • 7024286
  • 22-Nov-2019
  • 22-Nov-2019

Environment

Retain Unified Archiving 4.x

Situation

Seeing the following error when attempting to archive from GroupWise 18.2 (and newer) post offices that support TLS v1.3.

Error Message: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLException: No PSK available. Unable to resume.  (cachedItemList == null) error 2 com.gwava.gweasysoap.ThreadedEasyCursor.readCursor
HTTP transport error: javax.net.ssl.SSLException: No PSK available. Unable to resume. com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput
caused by No PSK available. Unable to resume. sun.security.ssl.Alert.createSSLException, archiverID=4F4642A0CEFCDBC31702C0C20E0E5E27, 4112mailboxintuuid=2963C070-14FB-0000-9667-773137623031}

Resolution

For Retain 4.8.1.0 and 4.8.0.1:

Add "TLSv1.3" to the jdk.tls.disabledAlgorithms= line in:

/opt/beginfinite/retain/java/jdk-11+28/conf/security/java.security

   or

C:\Program Files\Beginfinite\Retain\Java\jdk-11+28\conf\security\java.security

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
 EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

then becomes:

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
 EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC, TLSv1.3