[Pkg-xmpp-devel] Bug#851997: Bug#851997: Bug#851997: No TLS encryption possible

Thadeu Lima de Souza Cascardo cascardo at minaslivre.org
Tue Feb 7 10:42:45 UTC 2017


On Tue, Feb 07, 2017 at 10:34:09AM +0100, Karsten Malcher wrote:
> Hello Simon,
> 
> On 07.02.2017 at 10:12, Simon Josefsson wrote:
> > You need to provide more details for this to be a useful bug report.
> > Your statements above can easily be disproved.  I'm using
> > 2.4.0-1~bpo8+1 and TLS works just as I want it to work, see for example:
> >
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=server
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=client
> 
> I don't know what is tested there - but all I can test is
> 
> $ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
> CONNECTED(00000003)
> 
> There is no TLS connection established!
> 

On the other hand, when I run it here:

$ cat /etc/debian_version
9.0
$ apt-cache policy openssl
openssl:
  Installed: 1.1.0d-2
  Candidate: 1.1.0d-2
  Version table:
 *** 1.1.0d-2 500
        500 http://ftp.debian.org/debian sid/main amd64 Packages
        100 /var/lib/dpkg/status
$ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 497 bytes and written 123 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
$

> 
> But when I test the same to my prosody server I get
> ...
> ---
> SSL handshake has read 1946 bytes and written 627 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
> ...
> 
> This is a working TLS connection!
> 
> >
> > All of my configurations are available here:
> >
> > https://gitlab.com/jas/sjd-cosmos/tree/master/chat.josefsson.org/overlay/etc/jabberd2
> 
> So at least you use
> 
> <id password-change='mu' require-starttls='mu' pemfile='/etc/jabberd2/server.pem'>josefsson.org</id>
> 
> That's what I already tested.
> 
> > As far as I can tell, what you are looking for is help to configure
> > jabberd2.  To get help, you need to find someone to help you and you
> > need to explain what you have tried and what happens, and what you
> > expect to happen.
> 
> I have written all this information in the linked bug reports.
> There is nothing more that could be found out.
> The developer doesn't support help or more information.
> 
> Sorry.
> It's just a warning to users who want to have a secure XMPP server.
> 
> Best regards
> Karsten

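Added example, not part of the original message and not code from jabberd2 or OpenSSL: a shell helper that classifies `openssl s_client -starttls xmpp` output like the transcripts quoted in this thread, so that a run ending in `Cipher is (NONE)` is reported as having no TLS session even though it also prints `Verification: OK`. The name `check_starttls` and the two sample inputs (constructed from the output shown above) are assumptions of the example.

```bash
# check_starttls (hypothetical helper): reads s_client output on stdin.
# Exit status: 0 = TLS negotiated, 1 = handshake did not produce a session,
# 2 = no cipher summary at all (e.g. output stops after CONNECTED).
check_starttls() {
  awk '
    /^New, /                         { seen = 1; cipher = $NF }
    /^no peer certificate available/ { nocert = 1 }
    /^Verification: OK/              { verify_ok = 1 }
    /^ *Protocol *:/                 { proto = $NF }
    END {
      if (!seen) { print "UNKNOWN: no cipher summary line"; exit 2 }
      if (cipher == "(NONE)" || nocert) {
        msg = "NO-TLS: cipher=" cipher
        # With no peer certificate nothing was verified, so this OK is empty.
        if (verify_ok) msg = msg " (ignore Verification: OK)"
        print msg; exit 1
      }
      msg = "TLS: cipher=" cipher
      if (proto != "") msg = msg " protocol=" proto
      print msg; exit 0
    }'
}

# Constructed sample: the failed run against port 5222 shown in this thread.
sample_failed() { cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 497 bytes and written 123 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
EOF
}

# Constructed sample: the working session excerpt quoted in this thread.
sample_ok() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}

for s in sample_failed sample_ok; do "$s" | check_starttls || true; done
```

Against a live server, pipe the real command into it: `openssl s_client -connect HOST:5222 -starttls xmpp </dev/null 2>&1 | check_starttls`, where `HOST` is a placeholder.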

