[ejabberd] S2S and starttls not working

Thomas Martin tmartincpp at gmail.com
Tue Nov 25 20:46:02 MSK 2014


2014-11-25 15:09 GMT+01:00 Holger Weiß <holger at zedat.fu-berlin.de>:
> * Thomas Martin <tmartincpp at gmail.com> [2014-11-25 12:18]:
>> If I set "s2s_use_starttls" to "true" the s2s connection doesn't work
>> (no connection established).
>
> Can you talk to other remote servers, or have you just tried this one?
> Older ejabberd versions can stumble over certificates with incorrect
> host names, for example.
>
I never tried other servers (and my servers don't have access to the internet).
I will double-check certificates but users are able to connect without
issues with the same certificates and domains.


>> {s2s_default_policy, deny}.
>
> Did you try it without this setting, just to make sure it's unrelated to
> the policy configuration?
>
I tried your suggestion but the result is the same with the same error:
=INFO REPORT==== 2014-11-25 18:39:41 ===
I(<0.334.0>:ejabberd_s2s_out:1203) : Trying to open s2s connection:
jabber.domain1 -> jabber.domain2 with TLS=true
=INFO REPORT==== 2014-11-25 18:39:41 ===
I(<0.334.0>:ejabberd_s2s_out:623) : wait for auth result: closed


>> I tried to use openssl to test this issue and I don't get any answers:
>> $ openssl s_client -connect jabber.domain2:5269 -starttls xmpp
>
> OpenSSL's s_client tool supports STARTTLS only for client-to-server
> connections, not for server-to-server connections.
>
I didn't know that, now I understand why I don't get any response.


>> Version used: 2.1.10 (using Debian's package).
>
> If you'd like to try a newer version on Wheezy, you could use the
> following unofficial repository:
>
>         https://jabber.at/en/apt-repository
>
> Holger

I will give it a shot, that seems really interesting.

Thanks for helping me.

Thomas
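
Added example, not part of the original thread and not ejabberd code: a small probe that does for s2s what the s_client test above attempted, by opening the stream in the 'jabber:server' namespace, requesting STARTTLS, and then verifying the peer certificate against the domain name (the certificate host name point raised above). The function names and the cafile parameter (for a private CA) are assumptions; the probe covers only STARTTLS negotiation and certificate verification, not dialback or SASL.

```python
import re
import socket
import ssl

NS = {"c2s": "jabber:client", "s2s": "jabber:server"}   # RFC 6120 content namespaces
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
# Constructed sample of what a peer might send after the s2s stream header.
SAMPLE_FEATURES = ("<stream:features><starttls xmlns='" + TLS_NS + "'/>"
                   "<dialback xmlns='urn:xmpp:features:dialback'/></stream:features>")

def stream_header(kind, to_domain, from_domain):
    """Opening stream tag; c2s and s2s differ only in the default namespace."""
    return (f"<?xml version='1.0'?><stream:stream xmlns='{NS[kind]}' "
            f"xmlns:stream='http://etherx.jabber.org/streams' "
            f"from='{from_domain}' to='{to_domain}' version='1.0'>")

def offers_starttls(data):
    """True if the peer's <stream:features/> advertises STARTTLS."""
    m = re.search(r"<stream:features[^>]*>(.*?)</stream:features>", data, re.S)
    return bool(m and re.search(r"<starttls\b[^>]*" + re.escape(TLS_NS), m.group(1)))

def read_until(sock, marker, limit=65536):  # stops at marker, EOF, timeout or limit
    buf = b""
    try:
        while marker not in buf and len(buf) < limit:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass
    return buf.decode("utf-8", "replace")

def probe_s2s(host, to_domain, from_domain, port=5269, cafile=None, timeout=10):
    """Run the s2s STARTTLS exchange, then verify the peer certificate."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(stream_header("s2s", to_domain, from_domain).encode())
        features = read_until(sock, b"</stream:features>")
        if not offers_starttls(features):
            return "no STARTTLS offered; peer sent: " + features[:200]
        sock.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        if "<proceed" not in read_until(sock, b">"):
            return "STARTTLS refused (no <proceed/>)"
        ctx = ssl.create_default_context(cafile=cafile)  # cafile: private CA, if any
        try:
            with ctx.wrap_socket(sock, server_hostname=to_domain) as tls:
                return "TLS ok: " + tls.version()
        except ssl.SSLCertVerificationError as e:
            return "certificate rejected: " + e.verify_message
```

With the placeholder names from the log above, the call would be probe_s2s("jabber.domain2", "jabber.domain2", "jabber.domain1"); the returned string says at which step the exchange stopped.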

