[ejabberd] S2S and starttls not working

Thomas Martin tmartincpp at gmail.com
Tue Nov 25 14:18:17 MSK 2014


Hello,

I'm having an issue making ejabberd work in S2S with starttls enabled.

If I set "s2s_use_starttls" to "true" the s2s connection doesn't work
(no connection established).
Any other TLS works (ejabberd_c2s, ejabberd_http).

I'm only using one s2s connection between two servers for two different domains.

Configuration is the same on both sides (except for domain2 which is
replaced by domain1):
{5269, ejabberd_s2s_in, [
               {shaper, s2s_shaper},
               {max_stanza_size, 131072}
              ]},

{s2s_use_starttls, false}.
{s2s_certfile, "/etc/ejabberd/cert.pem"}.
{s2s_default_policy, deny}.
{{s2s_host, "jabber.mydomain2"}, allow}.
{{s2s_host, "conference.jabber.mydomain2"}, allow}.
{access, s2s_shaper, [{fast, all}]}


I tried to use openssl to test this issue and I don't get any answers:
$ openssl s_client -connect jabber.domain2:5269 -starttls xmpp
CONNECTED(00000003)
test


Same test without TLS:
$ telnet jabber.domain2 5269
Escape character is '^]'.
test
<?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
xmlns:db='jabber:server:dialback'
id='1408836793'><stream:error><xml-not-well-formed
xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>Connection
closed by foreign host.


Version used: 2.1.10 (using Debian's package).

Do you have any clues?

Thanks!

Thomas.
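
Added example, not part of the original post: a probe that speaks the server-to-server dialect (jabber:server stream header) on port 5269 and reports whether the peer advertises STARTTLS, answers <proceed/>, and completes a verified TLS handshake. The names stream_header, classify, read_until and probe are hypothetical, and it assumes the domain name resolves directly to the server (no SRV lookup) and Python 3.8+.

```python
import socket
import ssl
import xml.etree.ElementTree as ET

STREAM = "{http://etherx.jabber.org/streams}"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def stream_header(local, remote):
    """Header of an initiating server; `-starttls xmpp` sends jabber:client instead."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            f"from='{local}' to='{remote}' version='1.0'>")

def classify(reply):
    """Map the peer's answer to the stream header onto a diagnostic state."""
    parser = ET.XMLPullParser(events=("end",))  # copes with the unclosed stream
    parser.feed(reply)
    try:
        for _, el in parser.read_events():
            if el.tag == STREAM + "error":
                return "stream-error:" + (el[0].tag.split("}")[-1] if len(el) else "unknown")
            if el.tag == STREAM + "features":
                tls = el.find("{%s}starttls" % TLS_NS)
                if tls is None:
                    return "no-tls"  # peer does not advertise STARTTLS
                return "tls-required" if tls.find("{%s}required" % TLS_NS) is not None else "tls-offered"
    except ET.ParseError:
        return "unparseable"
    return "no-features"  # header only, or nothing at all

def read_until(sock, markers):
    buf = b""
    while not any(m in buf for m in markers) and (chunk := sock.recv(4096)):
        buf += chunk
    return buf.decode("utf-8", "replace")

def probe(remote, local, port=5269, timeout=10):
    """Live check (assumes no SRV lookup is needed); returns (state, TLS version or None)."""
    with socket.create_connection((remote, port), timeout=timeout) as sock:
        sock.sendall(stream_header(local, remote).encode())
        state = classify(read_until(sock, (b"</stream:features>", b"<stream:features/>", b"</stream:error>")))
        if state not in ("tls-offered", "tls-required"):
            return state, None
        sock.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
        if "<proceed" not in read_until(sock, (b"/>", b"failure>")):
            return "starttls-refused", None
        # The certificate is verified against the XMPP domain; a self-signed one fails here.
        with ssl.create_default_context().wrap_socket(sock, server_hostname=remote) as tls:
            return state, tls.version()
```

Calling probe("jabber.domain2", "jabber.domain1") from the other server separates "STARTTLS never advertised" from "handshake or certificate failure"; a peer that sends nothing surfaces as a socket timeout.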
