[ejabberd] anyone here managed to do s2s to gmail.com domain using TLS ?

Konstantin Khomoutov flatworm at users.sourceforge.net
Wed Nov 3 07:23:42 MSK 2010


On Tue, Nov 02, 2010 at 03:45:46PM +0000, Chris Maciejewski wrote:

> Right, I see. Thanks for pointing me in the right direction.
> 
> ...however it seems to me s2s service listening on port 5269 at
> xmpp-server.l.google.com is not SSL enabled at all ???
> 
> openssl s_client -connect xmpp-server.l.google.com:5269
> 7019:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:601:
`openssl s_client -connect` assumes the remote side talks TLS right from the
start which is wrong in case of s2s: the remote sise talks plain text
using s2s-part of the XMPP spec and *may* support the STARTTLS feature
(or may not). STARTTLS is a way to negotiate using of TLS over a plain
text stream.

> So how do we connect to Google s2s via SSL in that case?
http://www.ejabberd.im/s2s-encryption



More information about the ejabberd mailing list