FS#60154 - [ejabberd] is broken with openssl v1.1.1

Attached to Project: Community Packages
Opened by Ahmed W. (OneOfOne) - Friday, 21 September 2018, 20:43 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 29 October 2018, 09:35 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: Sergej Pupykin (sergej)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 3
Private: No

Closed by Sergej Pupykin (sergej)
Monday, 29 October 2018, 09:35 GMT
Reason for closing: Fixed
Additional comments about closing: rebuilt with fast_tls revision 9b25543cf1200e3b216996598771962461ea51c8
Comment by loqs (loqs) - Friday, 21 September 2018, 21:00 GMT
Comment by Ahmed W. (OneOfOne) - Friday, 21 September 2018, 21:25 GMT
I did not; I tried to build ejabberd-git from the AUR and it errored out.
Comment by Ahmed W. (OneOfOne) - Monday, 24 September 2018, 17:06 GMT
Update, I tried, it didn't work.
Comment by Uwe Sauter (UweSauter) - Tuesday, 02 October 2018, 18:34 GMT
New version 18.09-1 was released yesterday for Arch. But that version keeps crashing on my server, see #59795.
Comment by Baudouin Feildel (amdg) - Thursday, 11 October 2018, 08:29 GMT
Hello,

I have the same issue. Ejabberd is working well except for clients with TLS 1.3 support, like Conversations on Android.

When I try to connect I get the following lines in the ejabberd log:

2018-10-11 10:27:20.678 [info] <0.307.0>@ejabberd_listener:accept:221 (<0.479.0>) Accepted connection ::ffff:x.x.x.x:2381 -> ::ffff:x.x.x.x:5222
2018-10-11 10:27:20.681 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<?xml version='1.0'?>">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<stream:stream version=\"1.0\" xml:lang=\"en\" xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:client\" to=\"example.com\">">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<?xml version='1.0'?><stream:stream id='17255034304564522187' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='example.com' xmlns='jabber:client'>">>
2018-10-11 10:27:20.731 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>">>
2018-10-11 10:27:20.781 [info] <0.479.0> (tcp|<0.479.0>) Received XML on stream = <<"<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>">>
2018-10-11 10:27:20.781 [info] <0.479.0> (tcp|<0.479.0>) Send XML on stream = <<"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>">>
2018-10-11 10:27:20.941 [warning] <0.479.0>@ejabberd_c2s:process_terminated:280 (tls|<0.479.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden

I did rebuild the ejabberd package on my server and checked that the patch is used (the fast_tls checkout commit is after the one mentioned by @loqs).
Comment by Sergej Pupykin (sergej) - Friday, 12 October 2018, 19:07 GMT
https://github.com/processone/ejabberd/issues/2614

define_macro:
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1_3"

...
    starttls: true
    protocol_options: 'TLS_OPTIONS'

works for me
Comment by Sergej Pupykin (sergej) - Friday, 12 October 2018, 19:08 GMT
Comment by Uwe Sauter (UweSauter) - Saturday, 13 October 2018, 12:11 GMT
If you upgrade to 18.09 make sure that erlang-nox is installed, not erlang-nox-20. See https://bugs.archlinux.org/task/59795 .
Comment by Iru Dog (mytbk) - Tuesday, 23 October 2018, 08:51 GMT
ejabberd still needs to repackage with fast_tls revision 9b25543cf1200e3b216996598771962461ea51c8.
