FS#60154 - [ejabberd] is broken with openssl v1.1.1
Attached to Project:
Community Packages
Opened by Ahmed W. (OneOfOne) - Friday, 21 September 2018, 20:43 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 29 October 2018, 09:35 GMT
Closed by Sergej Pupykin (sergej)
Monday, 29 October 2018, 09:35 GMT
Reason for closing: Fixed
Additional comments about closing: rebuilt with fast_tls revision 9b25543cf1200e3b216996598771962461ea51c8
I have the same issue. Ejabberd is working well except for clients with TLS 1.3 support, like Conversation on Android.
When I try to connect I get the following lines in ejabberd log:
2018-10-11 10:27:20.678 [info] <0.307.0>@ejabberd_listener:accept:221 (<0.479.0>) Accepted connection ::ffff:x.x.x.x:2381 -> ::ffff:x.x.x.x:5222
2018-10-11 10:27:20.681 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<?xml version='1.0'?>">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<stream:stream version=\"1.0\" xml:lang=\"en\" xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:client\" to=\"example.com\">">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<?xml version='1.0'?><stream:stream id='17255034304564522187' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='example.com' xmlns='jabber:client'>">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>">>
2018-10-11 10:27:20.781 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>">>
2018-10-11 10:27:20.781 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>">>
2018-10-11 10:27:20.941 [warning] <0.479.0>@ejabberd_c2s:process_terminated:280 (tls|<0.479.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden
I did rebuild the ejabberd package on my server and checked that the patch is used (the fast_tls checkout commit is after the one mentioned by @loqs).
define_macro:
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1_3"
...
    starttls: true
    protocol_options: 'TLS_OPTIONS'
works for me
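
Added example, not part of the original report or of ejabberd's own code: a Python sketch that scans an ejabberd log in the format quoted above for c2s sessions that were sent `<proceed/>` and then failed to secure, grouped by reason. It can be run before and after the rebuild or the `no_tlsv1_3` workaround to confirm the failure has stopped. The sample log is constructed with placeholder addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in this report (placeholder addresses).
SAMPLE_LOG = """\
2018-10-11 10:27:20.678 [info] <0.307.0>@ejabberd_listener:accept:221 (<0.479.0>) Accepted connection ::ffff:192.0.2.10:2381 -> ::ffff:192.0.2.1:5222
2018-10-11 10:27:20.781 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>">>
2018-10-11 10:27:20.941 [warning] <0.479.0>@ejabberd_c2s:process_terminated:280 (tls|<0.479.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden
2018-10-11 10:31:02.100 [info] <0.307.0>@ejabberd_listener:accept:221 (<0.512.0>) Accepted connection ::ffff:192.0.2.11:4410 -> ::ffff:192.0.2.1:5222
2018-10-11 10:31:02.200 [info] <0.512.0> (tcp|<0.512.0>) Send XML on stream = <<"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>">>
"""

# The session is identified by the Erlang pid shown in parentheses.
ACCEPT = re.compile(r"\((<[\d.]+>)\) Accepted connection (\S+) -> \S+")
PROCEED = re.compile(r"\(tcp\|(<[\d.]+>)\) Send XML on stream = .*<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
FAIL = re.compile(r"\((?:tcp|tls)\|(<[\d.]+>)\) Failed to secure c2s connection: (.*)$")


def triage(log_text):
    """Return one record per c2s session that failed to secure."""
    sessions = {}  # pid -> {"peer": address, "proceed": bool}
    failures = []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # A new accept resets state, since Erlang pids can be reused.
            peer = m.group(2).rsplit(":", 1)[0]  # drop the source port
            sessions[m.group(1)] = {"peer": peer, "proceed": False}
        elif m := PROCEED.search(line):
            sessions.setdefault(m.group(1), {"peer": None, "proceed": False})["proceed"] = True
        elif m := FAIL.search(line):
            state = sessions.pop(m.group(1), {"peer": None, "proceed": False})
            failures.append({
                "time": line[:23],
                "peer": state["peer"],
                "reason": m.group(2).strip(),
                "after_proceed": state["proceed"],  # failure came after STARTTLS
            })
    return failures


def reasons(failures):
    """Count failures by the reason text ejabberd logged."""
    return Counter(f["reason"] for f in failures)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["time"], f["peer"], f["reason"], "after STARTTLS" if f["after_proceed"] else "")
    print(dict(reasons(found)))
```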