On Tue, Feb 07, 2017 at 10:34:09AM +0100, Karsten Malcher wrote:
> Hello Simon,
>
> On 07.02.2017 at 10:12, Simon Josefsson wrote:
> > You need to provide more details for this to be a useful bug report.
> > Your statements above can easily be disproved. I'm using
> > 2.4.0-1~bpo8+1 and TLS works just as I want it to work, see for example:
> >
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=server
> > https://www.xmpp.net/result.php?domain=josefsson.org&type=client
>
> I don't know what is tested there - but all I can test is
>
> $ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
> CONNECTED(00000003)
>
> There is no TLS connection established!
>
On the other hand, when I run it here:

$ cat /etc/debian_version
9.0
$ apt-cache policy openssl
openssl:
  Installed: 1.1.0d-2
  Candidate: 1.1.0d-2
  Version table:
 *** 1.1.0d-2 500
        500 http://ftp.debian.org/debian sid/main amd64 Packages
        100 /var/lib/dpkg/status
$ openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 497 bytes and written 123 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
$

> But when I test the same to my prosody server I get
> ...
> ---
> SSL handshake has read 1946 bytes and written 627 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
> ...
>
> This is a working TLS connection!
>
> > All of my configurations are available here:
> >
> > https://gitlab.com/jas/sjd-cosmos/tree/master/chat.josefsson.org/overlay/etc/jabberd2
>
> So at least you use
>
> |<id password-change='mu' require-starttls='mu'
> pemfile='/etc/jabberd2/server.pem'>josefsson.org</id> |
>
> That's what I already tested.
>
> > As far as I can tell, what you are looking for is help to configure
> > jabberd2. To get help, you need to find someone to help you and you
> > need to explain what you have tried and what happens, and what you
> > expect to happen.
>
> I have written all this information in the linked bug reports.
> There is nothing more that could be found out.
> The developer doesn't support help or more information.
>
> Sorry.
> It's just a warning to users who want to have a secure XMPP server.
>
> Best regards
> Karsten
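
Added example, not part of the original thread and not written by either correspondent: a small shell filter that reads `openssl s_client` output and reports whether a TLS session was actually negotiated, using the `New, ..., Cipher is ...` summary line that separates the two transcripts quoted above. The function name `classify_s_client` and the sample functions are hypothetical; the sample transcripts are constructed from the output shown in the messages.

```shell
# Reads `openssl s_client` output on stdin and prints one verdict:
#   NO_TLS / TLS <protocol> <cipher> / INCOMPLETE (no summary line seen)
classify_s_client() {
    awk '
        /^New, / {
            # Summary line, e.g. "New, TLSv1/SSLv3, Cipher is <name>"
            seen = 1
            split($0, part, ", ")
            proto = part[2]
            cipher = part[3]
            sub(/^Cipher is /, "", cipher)
        }
        /^[ \t]*Protocol[ \t]*:/ {
            # SSL-Session block carries the exact protocol version
            sub(/^[^:]*:[ \t]*/, "")
            session_proto = $0
        }
        END {
            if (!seen) { print "INCOMPLETE"; exit }
            if (proto == "(NONE)" || cipher == "(NONE)") { print "NO_TLS"; exit }
            p = (session_proto != "") ? session_proto : proto
            print "TLS " p " " cipher
        }'
}

# Constructed sample: transcript where the handshake did not complete
sample_no_tls() {
cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 497 bytes and written 123 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
EOF
}

# Constructed sample: transcript with a negotiated session
sample_tls() {
cat <<'EOF'
SSL handshake has read 1946 bytes and written 627 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}

sample_no_tls | classify_s_client
sample_tls | classify_s_client
```

Against a live server, pipe the command from the thread into the filter with stdin closed and stderr merged, for example `openssl s_client -connect chat.josefsson.org:5222 -starttls xmpp </dev/null 2>&1 | classify_s_client`.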