[ejabberd] Logging TLS version and cipher for ejabberd 15.x c2s/s2s

Jonathan Siegle jsiegle at psu.edu
Tue Mar 22 21:19:32 MSK 2016


Just a follow-up: yes, it was possible, and it was painful. The only client 
that we use that cannot use TLS 1.2 is Trillian Pro. The maintainers of 
that client thanked us for identifying the problem and promise to 
fix it, but have not provided a date.

I guess the s2s part was not as important because, as we know, Google can't 
spell TLS when it comes to XMPP...

-Jonathan

On 2016-01-06 at 08:45, Jonathan Siegle wrote:

> Greetings,
> I wish to log the TLS version (1.0, 1.1, 1.2) and the cipher in an 
> effort to understand what XMPP clients and servers are using and what happens 
> when I turn off TLS version 1 and 1.1. I would like to do it in such a 
> fashion that I can pin it to a user or IP address for c2s connections and the 
> name of the domain for s2s connections.
>
>
> I could call syslog from the C code (/deps/p1_tls/c_src/p1_tls_drv.c). It is 
> not obvious to me that any state information is being passed into the C 
> module from the Erlang code (./deps/p1_tls/src/p1_tls.erl).
>
> I'm open to ideas on where in the code to put this. Is it 
> code (/deps/p1_tls/c_src/p1_tls_drv.c) or
> ./src/ejabberd_c2s.erl or ??
>
> The c2s log line in ejabberd.log for an accepted authentication looks like:
> 016-01-06 08:43:13.343 [info] <0.441.0>@ejabberd_listener:accept:299 
> (#Port<0.1307111>) Accepted connection 128.118.57.79:35542 -> 
> 128.118.2.219:5222
> 2016-01-06 08:43:13.397 [info] 
> <0.15735.60>@ejabberd_c2s:wait_for_feature_request:747 
> ({socket_state,p1_tls,{tlssock,#Port<0.1307111>,#Port<0.1307109>},<0.15736.60>}) 
> Accepted authentication for userid by ejabberd_auth_pam from 128.118.57.79
> 2016-01-06 08:43:13.401 [info] 
> <0.15735.60>@ejabberd_c2s:wait_for_session:1117 
> ({socket_state,p1_tls,{tlssock,#Port<0.1307111>,#Port<0.1307109>},<0.15736.60>}) 
> Opened session for userid at chat.aittest.psu.edu/jmslaptop
>
>
> Is "(#Port<0.1307111>)" a piece of state information that may be available to 
> the C source?
>
> The s2s log line in ejabberd.log looks like:
>
> 2016-01-06 07:55:11.032 [info] 
> <0.12225.60>@ejabberd_s2s_in:stream_established:514 Accepted s2s dialback 
> authentication for jabber.org (TLS=true)
>
>
> from ./src/ejabberd_s2s_in.erl .
>
>
> Thanks,
> Jonathan
>
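
Added example, not part of the original thread and not ejabberd code: a log-side join on the `#Port<...>` identifier that appears in both the accept line and the `tlssock` tuple quoted above, pinning each c2s connection to an IP and user. The `tls_info` lines are a hypothetical format (an assumption about what a patched driver could log, with OpenSSL-style version names), and the second connection is constructed sample data.

```python
import re

# Constructed sample: the c2s lines from the post (unwrapped) plus "tls_info"
# lines in a HYPOTHETICAL format; stock ejabberd does not emit them.
SAMPLE_LOG = """\
2016-01-06 08:43:13.343 [info] <0.441.0>@ejabberd_listener:accept:299 (#Port<0.1307111>) Accepted connection 128.118.57.79:35542 -> 128.118.2.219:5222
2016-01-06 08:43:13.350 [info] tls_info #Port<0.1307111> version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
2016-01-06 08:43:13.397 [info] <0.15735.60>@ejabberd_c2s:wait_for_feature_request:747 ({socket_state,p1_tls,{tlssock,#Port<0.1307111>,#Port<0.1307109>},<0.15736.60>}) Accepted authentication for userid by ejabberd_auth_pam from 128.118.57.79
2016-01-06 08:43:13.401 [info] <0.15735.60>@ejabberd_c2s:wait_for_session:1117 ({socket_state,p1_tls,{tlssock,#Port<0.1307111>,#Port<0.1307109>},<0.15736.60>}) Opened session for userid at chat.aittest.psu.edu/jmslaptop
2016-01-06 08:44:02.110 [info] <0.441.0>@ejabberd_listener:accept:299 (#Port<0.1307200>) Accepted connection 192.0.2.10:40112 -> 128.118.2.219:5222
2016-01-06 08:44:02.118 [info] tls_info #Port<0.1307200> version=TLSv1 cipher=AES128-SHA
2016-01-06 08:44:02.160 [info] <0.15801.60>@ejabberd_c2s:wait_for_feature_request:747 ({socket_state,p1_tls,{tlssock,#Port<0.1307200>,#Port<0.1307198>},<0.15802.60>}) Accepted authentication for otheruser by ejabberd_auth_pam from 192.0.2.10
"""

PORT = r"(#Port<[\d.]+>)"
ACCEPT = re.compile(r"\(" + PORT + r"\) Accepted connection (\S+):\d+ -> ")
TLS = re.compile(r"tls_info " + PORT + r" version=(\S+) cipher=(\S+)")
AUTH = re.compile(r"\{tlssock," + PORT + r",.*?\) Accepted authentication for (\S+) by ")
SESSION = re.compile(r"\{tlssock," + PORT + r",.*?\) Opened session for (\S+) at (\S+)")

def correlate(log_text):
    """Join log lines on the TCP port id; one record per accepted connection."""
    live, records = {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # In case a port id recurs in a long log, each accept starts a new record.
            rec = dict(port=m[1], ip=m[2], tls=None, cipher=None, user=None, jid=None)
            live[m[1]] = rec
            records.append(rec)
        elif (m := TLS.search(line)) and m[1] in live:
            live[m[1]].update(tls=m[2], cipher=m[3])
        elif (m := AUTH.search(line)) and m[1] in live:
            live[m[1]]["user"] = m[2]
        elif (m := SESSION.search(line)) and m[1] in live:
            live[m[1]]["jid"] = f"{m[2]}@{m[3]}"
    return records

def legacy_tls(records):
    """Connections that would break once TLS 1.0 and 1.1 are disabled."""
    return [r for r in records if r["tls"] in ("TLSv1", "TLSv1.1")]

if __name__ == "__main__":
    for r in legacy_tls(correlate(SAMPLE_LOG)):
        print(r["ip"], r["user"], r["tls"], r["cipher"])
```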

