[ejabberd] Compliance Tester and XEP-0368

Nk nk at os.vu
Mon Nov 6 14:54:22 MSK 2017

Thanks for your reply.

Sun, 5 Nov 2017 15:04:50 +0100
Nk <nk at os.vu> wrote:

> running XEP-0357: Push Notifications… FAILED
> running XEP-0368: SRV records for XMPP over TLS… FAILED
> running XEP-0384: OMEMO Encryption… FAILED
> running XEP-0313: Message Archive Management (MUC)… FAILED
> passed 11/15

Both XEP-0357 and XEP-0368 support was added in 17.09 (IIRC). Although,
strictly speaking you don't need XEP-0368 support for incoming
c2s connections if you're using SSLH.

I now have SSLH forwarding c2s connections to 5222 with the xmpp-client probe, and HTTP Uploads connections forwarded to 5444 with the TLS probe and SNI indication for xu.domain.org, but as I understand it this is a hack, since port 5223 / XEP 0368 should support all traffic on a single port, correct?

> I don’t understand why 0313 would fail. This is my config:

Probably because ejabberd doesn't support the latest XEP version?

OK, I see. Is this on the development timeline? Do we know what is missing specifically?

> Also, I have a broad question about 0368. Theoretically its use is to
> specify an SRV record for xmpps connections [either on port 5223 or
> 443] if I understand correctly. But what is ejabberd’s role in this?
> What actually changes in v17.09?

See above. XEP-0368 is only supported for outgoing s2s connections
(i.e. ejabberd is able to resolve "_xmpps-server" SRV records).

OK, thanks, I see. This doesn’t really make a difference though since connections on port 5269 already require encryption in my configuration, right?

> I basically need a client to work with port 443 for all services,
> this is a must have if we want to work at a user-friendliness level
> like that of Signal [right, @weiss? ;]

Just configure SSLH properly (SNI/ALPN/etc).

I’m still not able to forward TLS service on port 443 with ALPN indication over to port 5223 successfully. I don’t think Conversations is sending the ALPN indication, so probably I can’t really test this at all. I hope my HTTP Uploads “hack” is formally correct.

I still don’t really understand how port 5223 / ALPN and XEP 0368 are handled by Conversations or clients in general, so the fact is that I don’t really understand where the problem is, let alone how to solve it correctly.

Thanks for your help!
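
An added example, not part of the original post and not code from sslh or ejabberd: a Python parser that extracts SNI and ALPN from a TLS ClientHello and applies the port-443 routing discussed above, which is also a way to check whether a given client offers ALPN at all. The ALPN name `xmpp-client` is the one XEP-0368 defines; the ports and `xu.domain.org` come from the post; the function names and the locally generated sample ClientHellos are constructed for illustration.

```python
import ssl
import struct

def parse_client_hello(rec: bytes):
    """Return (sni, alpn_list) from one complete TLS record carrying a ClientHello."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    p = 5 + 4 + 2 + 32                            # record hdr, handshake hdr, version, random
    p += 1 + rec[p]                               # session_id
    p += 2 + int.from_bytes(rec[p:p + 2], "big")  # cipher_suites
    p += 1 + rec[p]                               # compression_methods
    end = p + 2 + int.from_bytes(rec[p:p + 2], "big")
    p += 2
    sni, alpn = None, []
    while p + 4 <= min(end, len(rec)):
        etype, elen = struct.unpack("!HH", rec[p:p + 4])
        body, p = rec[p + 4:p + 4 + elen], p + 4 + elen
        if etype == 0:       # server_name: list len(2), type(1), name len(2), name
            n = int.from_bytes(body[3:5], "big")
            sni = body[5:5 + n].decode("ascii")
        elif etype == 16:    # ALPN: list len(2), then repeated (len(1), protocol)
            q = 2
            while q < len(body):
                alpn.append(body[q + 1:q + 1 + body[q]].decode("ascii"))
                q += 1 + body[q]
    return sni, alpn

def route(sni, alpn):
    """Hypothetical decision for port 443: backend port, or None if nothing matches."""
    if "xmpp-client" in alpn:       # direct-TLS c2s as in XEP-0368
        return 5223
    if sni == "xu.domain.org":      # HTTP upload host from the post
        return 5444
    return None                     # no ALPN, unknown SNI: cannot be told apart

def sample_hello(host, alpn=None):
    """Constructed sample: a ClientHello produced offline by Python's ssl module."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if alpn:
        ctx.set_alpn_protocols(alpn)
    out = ssl.MemoryBIO()
    conn = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname=host)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:    # expected: no server answers in memory
        pass
    return out.read()

if __name__ == "__main__":
    for host, protos in [("domain.org", ["xmpp-client"]), ("xu.domain.org", None), ("domain.org", None)]:
        sni, alpn = parse_client_hello(sample_hello(host, protos))
        print(sni, alpn, "->", route(sni, alpn))
```

Passing `parse_client_hello` the first TLS record from a packet capture of a real client shows whether that client offers ALPN.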
