[ejabberd] S2S and starttls not working

Christoph (JabJab.de) mail at jabjab.de
Tue Nov 25 14:23:57 MSK 2014


Hi Thomas,

I guess the right options for s2s_use_starttls are:

false
optional
required
required_trusted

Did you tried one of these?

Greetings

Christoph

------ Originalnachricht ------
Von: "Thomas Martin" <tmartincpp at gmail.com>
An: ejabberd at jabber.ru
Gesendet: 25.11.2014 12:18:17
Betreff: [ejabberd] S2S and starttls not working
>Hello,
>
>I'm having an issue to make ejabberd work in S2S with starttls enabled.
>
>If I set "s2s_use_starttls" to "true" the s2s connection don't work
>(no connection established).
>Any other TLS works (ejabberd_c2s, ejabberd_http).
>
>I'm only using one s2s connexion between two servers for two different 
>domains.
>
>Configuration is the same on both sides (except for domain2 which is
>replaced by domain1):
>{5269, ejabberd_s2s_in, [
>                {shaper, s2s_shaper},
>                {max_stanza_size, 131072}
>               ]},
>
>{s2s_use_starttls, false}.
>{s2s_certfile, "/etc/ejabberd/cert.pem"}.
>{s2s_default_policy, deny}.
>{{s2s_host, "jabber.mydomain2"}, allow}.
>{{s2s_host, "conference.jabber.mydomain2"}, allow}.
>{access, s2s_shaper, [{fast, all}]}
>
>
>I tried to use openssl to test this issue and I don't get any answers:
>$ openssl s_client -connect jabber.domain2:5269 -starttls xmpp
>CONNECTED(00000003)
>test
>
>
>Same test without TLS:
>$ telnet jabber.domain2 5269
>Escape character is '^]'.
>test
><?xml version='1.0'?><stream:stream
>xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
>xmlns:db='jabber:server:dialback'
>id='1408836793'><stream:error><xml-not-well-formed
>xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>Connection
>closed by foreign host.
>
>
>Version used: 2.1.10 (using Debian's package).
>
>Do you have any clues?
>
>Thanks!
>
>Thomas.
>_______________________________________________
>ejabberd mailing list
>ejabberd at jabber.ru
>http://lists.jabber.ru/mailman/listinfo/ejabberd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2335 bytes
Desc: not available
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20141125/db3a7cae/attachment.bin>


More information about the ejabberd mailing list