[ejabberd] S2S and starttls not working

Thomas Martin tmartincpp at gmail.com
Tue Nov 25 14:37:15 MSK 2014


Hi Christoph,

2014-11-25 12:23 GMT+01:00 Christoph (JabJab.de) <mail at jabjab.de>:
> Hi Thomas,
>
> I guess the right options for s2s_use_starttls are:
>
> false
> optional
> required
> required_trusted
>
> Did you try one of these?
>
> Greetings
>
> Christoph
>

This is a really good point, I should have tried that, but
unfortunately this is not working either with "required".

I got the same log in ejabberd.log with "required" or "true":
=INFO REPORT==== 2014-11-25 12:30:56 ===
I(<0.476.0>:ejabberd_s2s_out:1203) : Trying to open s2s connection:
jabber.domain1 -> jabber.domain2 with TLS=true
=INFO REPORT==== 2014-11-25 12:30:56 ===
I(<0.476.0>:ejabberd_s2s_out:623) : wait for auth result: closed


Thank you.

Thomas

> ------ Original Message ------
> From: "Thomas Martin" <tmartincpp at gmail.com>
> To: ejabberd at jabber.ru
> Sent: 25.11.2014 12:18:17
> Subject: [ejabberd] S2S and starttls not working
>>
>> Hello,
>>
>> I'm having an issue making ejabberd work in S2S with starttls enabled.
>>
>> If I set "s2s_use_starttls" to "true" the s2s connection doesn't work
>> (no connection established).
>> Any other TLS works (ejabberd_c2s, ejabberd_http).
>>
>> I'm only using one s2s connection between two servers for two different
>> domains.
>>
>> Configuration is the same on both sides (except for domain2 which is
>> replaced by domain1):
>> {5269, ejabberd_s2s_in, [
>>                {shaper, s2s_shaper},
>>                {max_stanza_size, 131072}
>>               ]},
>>
>> {s2s_use_starttls, false}.
>> {s2s_certfile, "/etc/ejabberd/cert.pem"}.
>> {s2s_default_policy, deny}.
>> {{s2s_host, "jabber.mydomain2"}, allow}.
>> {{s2s_host, "conference.jabber.mydomain2"}, allow}.
>> {access, s2s_shaper, [{fast, all}]}
>>
>>
>> I tried to use openssl to test this issue and I don't get any answers:
>> $ openssl s_client -connect jabber.domain2:5269 -starttls xmpp
>> CONNECTED(00000003)
>> test
>>
>>
>> Same test without TLS:
>> $ telnet jabber.domain2 5269
>> Escape character is '^]'.
>> test
>> <?xml version='1.0'?><stream:stream
>> xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
>> xmlns:db='jabber:server:dialback'
>> id='1408836793'><stream:error><xml-not-well-formed
>>
>> xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>Connection
>> closed by foreign host.
>>
>>
>> Version used: 2.1.10 (using Debian's package).
>>
>> Do you have any clues?
>>
>> Thanks!
>>
>> Thomas.
>> _______________________________________________
>> ejabberd mailing list
>> ejabberd at jabber.ru
>> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
>
>
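
An added example, not part of the thread and not ejabberd code: a small Python check that sends a server-to-server stream header (xmlns='jabber:server', version='1.0') to port 5269 in clear text and reports whether the peer advertises STARTTLS, which is the step the openssl and telnet tests above were probing. The function names and result labels are assumptions made for this sketch, and the sample replies are constructed.

```python
import re
import socket
from xml.sax.saxutils import quoteattr

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STARTTLS_RE = re.compile(r"<starttls\b[^>]*" + re.escape(TLS_NS) + r"[^>]*?(?:/>|>.*?</starttls>)", re.S)

def s2s_stream_header(from_domain, to_domain):
    """Stream opening for a server-to-server link: note xmlns='jabber:server'."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            "xmlns:db='jabber:server:dialback' "
            f"from={quoteattr(from_domain)} to={quoteattr(to_domain)} version='1.0'>")

def classify_reply(data):
    """Say what the peer's answer to our stream header means for STARTTLS."""
    if not data:
        return "closed"                    # peer dropped the connection silently
    if "<stream:error" in data:
        return "stream-error"
    if "</stream:features>" not in data and "<stream:features/>" not in data:
        return "no-features"               # header only, e.g. a pre-1.0 peer
    m = STARTTLS_RE.search(data)
    if not m:
        return "starttls-not-offered"
    return "starttls-required" if "<required" in m.group(0) else "starttls-offered"

def probe(host, from_domain, to_domain, port=5269, timeout=10):
    """Live check: send the header unencrypted and classify what comes back."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(s2s_stream_header(from_domain, to_domain).encode())
        try:
            while b"</stream:features>" not in buf and b"</stream:error>" not in buf:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass                           # classify whatever arrived in time
    return classify_reply(buf.decode("utf-8", "replace"))

# Constructed sample replies (not captured from the servers in the thread).
SAMPLES = {
    "offered": "<stream:features><starttls xmlns='%s'/></stream:features>" % TLS_NS,
    "required": "<stream:features><starttls xmlns='%s'><required/></starttls></stream:features>" % TLS_NS,
    "dialback-only": "<stream:features><dialback xmlns='urn:xmpp:features:dialback'/></stream:features>",
}
if __name__ == "__main__":
    print({name: classify_reply(reply) for name, reply in SAMPLES.items()})
```

For a live check, call probe("jabber.domain2", "jabber.domain1", "jabber.domain2") from the other server. With openssl itself, -starttls xmpp sends a client (jabber:client) stream header; OpenSSL 1.1.0 and later also accept -starttls xmpp-server for s2s ports.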

