[ejabberd] S2S and starttls not working

Christoph (JabJab.de) mail at jabjab.de
Tue Nov 25 14:23:57 MSK 2014

Hi Thomas,

I guess the right options for s2s_use_starttls are:


Did you tried one of these?



------ Originalnachricht ------
Von: "Thomas Martin" <tmartincpp at gmail.com>
An: ejabberd at jabber.ru
Gesendet: 25.11.2014 12:18:17
Betreff: [ejabberd] S2S and starttls not working
>I'm having an issue to make ejabberd work in S2S with starttls enabled.
>If I set "s2s_use_starttls" to "true" the s2s connection don't work
>(no connection established).
>Any other TLS works (ejabberd_c2s, ejabberd_http).
>I'm only using one s2s connexion between two servers for two different 
>Configuration is the same on both sides (except for domain2 which is
>replaced by domain1):
>{5269, ejabberd_s2s_in, [
>                {shaper, s2s_shaper},
>                {max_stanza_size, 131072}
>               ]},
>{s2s_use_starttls, false}.
>{s2s_certfile, "/etc/ejabberd/cert.pem"}.
>{s2s_default_policy, deny}.
>{{s2s_host, "jabber.mydomain2"}, allow}.
>{{s2s_host, "conference.jabber.mydomain2"}, allow}.
>{access, s2s_shaper, [{fast, all}]}
>I tried to use openssl to test this issue and I don't get any answers:
>$ openssl s_client -connect jabber.domain2:5269 -starttls xmpp
>Same test without TLS:
>$ telnet jabber.domain2 5269
>Escape character is '^]'.
><?xml version='1.0'?><stream:stream
>xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
>closed by foreign host.
>Version used: 2.1.10 (using Debian's package).
>Do you have any clues?
>ejabberd mailing list
>ejabberd at jabber.ru
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2335 bytes
Desc: not available
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20141125/db3a7cae/attachment.bin>

More information about the ejabberd mailing list