Are the dialback issues still present?

I’m using Openfire 3.10.3, compiled from source, on a Linux host. I’ve attempted to set up server2server as best as I can and believe it should be working. I’ve read a few posts on the internet indicating errors with s2s support in Openfire…
I’m testing it against two accounts on two public XMPP servers: one is working (sort of) and the other isn’t at all. I have a domain and the domain resolves to my server IP; I added two SRV records (even though in theory this isn’t needed) and enabled debug mode. I also disabled dialback by setting xmpp.server.dialback.enabled to false. When attempting to send a message to the server that fails, my debug log shows (testing against riseup.net):

2015.12.29 01:17:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Trying to connect to riseup.net:5269(DNS lookup: xmpp.riseup.net:5269)
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Plain connection to riseup.net:5269 successful
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Indicating we want TLS to riseup.net
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Negotiating TLS...
2015.12.29 01:17:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - TLS negotiation was successful.
2015.12.29 01:17:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering dialback functionality: true
2015.12.29 01:17:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering EXTERNAL SASL: false
2015.12.29 01:17:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Skipping server dialback attempt as it has been disabled by local configuration.
2015.12.29 01:17:52 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=223 cap=4096: 3C 6D 65 73 73 61 67 65 20 69 64 3D 22 70 75 72...]
2015.12.29 01:17:52 org.jivesoftware.openfire.server.OutgoingSessionPromise - OutgoingSessionPromise: Error sending packet to remote server:
<message type="chat" id="purpledc64497a" to="***@riseup.net" from="***@domain/17c404b8">
  <active xmlns="http://jabber.org/protocol/chatstates"/>
  <body>**</body>
</message>
java.lang.Exception: Failed to create connection to remote server
        at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:275)
        at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
2015.12.29 01:17:52 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2
Queue : [MESSAGE_SENT, ]

I’m not sure why it shows ‘offering dialback functionality: true’ (line 6) then says it skips it because it’s not supported, surely it shouldn’t be offering dialback support? The data sent to the riseup user never arrives anyhow.

For another connection, I’m testing against alpha-labs.net, this shows my account as being online but is giving me a ‘404: remote server not found’ error? The connection and dialback text appears correct for this connection attempt:

2015.12.29 01:17:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Trying to connect to alpha-labs.net:5269(DNS lookup: jarvis.alpha-labs.net:5269)
2015.12.29 01:17:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Plain connection to alpha-labs.net:5269 successful
2015.12.29 01:17:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Indicating we want TLS to alpha-labs.net
2015.12.29 01:17:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Negotiating TLS...
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - TLS negotiation was successful.
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Offering dialback functionality: false
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Offering EXTERNAL SASL: false
2015.12.29 01:17:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Skipping server dialback attempt as it has been disabled by local configuration.

So is this showing that s2s support is broken, or is it more likely to be a configuration error on my end?

If I enable dialback support, the connections behave differently:

2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Indicating we want TLS to alpha-labs.net
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Negotiating TLS...
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - TLS negotiation was successful.
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Offering dialback functionality: false
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Offering EXTERNAL SASL: false
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Trying to connecting using dialback over TLS.
2015.12.29 01:44:20 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: alpha-labs.net id: b91ef163 from domain: domain
2015.12.29 01:44:20 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/46.229.47.139,port=43480,localport=5269]
2015.12.29 01:44:20 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: AS - Verifying key for host: alpha-labs.net id: b91ef163
2015.12.29 01:44:20 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: AS - Key was: VALID for host: alpha-labs.net id: b91ef163
2015.12.29 01:44:20 org.jivesoftware.openfire.net.BlockingReadingMode - Logging off domain/e70088b1 on org.jivesoftware.openfire.net.SocketConnection@3fe8abc1 socket: Socket[addr=/46.229.47.139,port=43480,localport=5269] session: org.jivesoftware.openfire.session.Lo$
2015.12.29 01:44:20 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Validation GRANTED from: alpha-labs.net id: b91ef163 for domain: domain
2015.12.29 01:44:20 org.jivesoftware.openfire.session.LocalOutgoingServerSession['alpha-labs.net'] - Dialback over TLS was successful.
2015.12.29 01:44:20 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/46.229.47.139,port=43481,localport=5269]

and

2015.12.29 01:45:12 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Plain connection to riseup.net:5269 successful
2015.12.29 01:45:12 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Indicating we want TLS to riseup.net
2015.12.29 01:45:12 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Negotiating TLS...
2015.12.29 01:45:13 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - TLS negotiation was successful.
2015.12.29 01:45:13 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering dialback functionality: true
2015.12.29 01:45:13 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering EXTERNAL SASL: false
2015.12.29 01:45:13 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Trying to connecting using dialback over TLS.
2015.12.29 01:45:13 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: riseup.net id: id_removed from domain: domain
2015.12.29 01:45:13 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=46925,localport=5269]
2015.12.29 01:45:14 org.jivesoftware.openfire.net.BlockingReadingMode - Logging off domain/a9543d9 on org.jivesoftware.openfire.net.SocketConnection@15934a01 socket: Socket[addr=/198.252.153.234,port=46925,localport=5269] session: org.jivesoftware.openfire.session.L$
2015.12.29 01:48:42 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Time out waiting for answer in validation from: riseup.net id: id_removed for domain: domain

Are you in a position to test this with the Openfire 4.0 beta? A lot has changed in the s2s code, so perhaps this is resolved with 4.0?

OK I’ve just compiled the latest code from github (not the 4.0.0 beta on the release page), cleared the database and started afresh, seems it hasn’t resolved this issue:

2015.12.31 09:41:45 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 3
2015.12.31 09:41:45 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Trying to connect to riseup.net:5269(DNS lookup: xmpp.riseup.net:5269)
2015.12.31 09:41:45 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Plain connection to riseup.net:5269 successful
2015.12.31 09:41:45 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Indicating we want TLS to riseup.net
2015.12.31 09:41:45 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Negotiating TLS...
2015.12.31 09:41:45 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: true
2015.12.31 09:41:46 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 4 certificates.
2015.12.31 09:41:46 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 4 certificates, using 157 trust anchors.
2015.12.31 09:41:46 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - TLS negotiation was successful.
2015.12.31 09:41:46 org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned []
2015.12.31 09:41:46 org.jivesoftware.util.CertificateManager - CertificateManager: Common Name Mapping returned [*.riseup.net]
2015.12.31 09:41:46 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering dialback functionality: true
2015.12.31 09:41:46 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Offering EXTERNAL SASL: false
2015.12.31 09:41:46 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Trying to connecting using dialback over TLS.
2015.12.31 09:41:46 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: riseup.net id: _key from domain: domain
2015.12.31 09:41:47 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=42678,localport=5269]
2015.12.31 09:41:48 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: true
2015.12.31 09:41:48 org.jivesoftware.openfire.net.BlockingReadingMode - Connection closed before session establishedSocket[addr=/198.252.153.234,port=42678,localport=5269]
2015.12.31 09:45:15 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Time out waiting for answer in validation from: riseup.net id: _key for domain: domain
2015.12.31 09:45:15 org.jivesoftware.openfire.session.LocalOutgoingServerSession['riseup.net'] - Dialback over TLS failed
2015.12.31 09:45:15 org.jivesoftware.openfire.net.SocketConnection - Failed to deliver stream close tag: Socket closed
2015.12.31 09:45:15 org.jivesoftware.openfire.session.LocalOutgoingServerSession - LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: riseup.net
2015.12.31 09:45:15 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Trying to connect to riseup.net:5269(DNS lookup: xmpp.riseup.net:5269)
2015.12.31 09:45:15 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Connection to riseup.net:5269 successful
2015.12.31 09:45:16 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: riseup.net id: _key from domain: domain
2015.12.31 09:45:16 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=42699,localport=5269]
2015.12.31 09:45:16 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: true
2015.12.31 09:45:16 org.jivesoftware.openfire.net.BlockingReadingMode - Connection closed before session establishedSocket[addr=/198.252.153.234,port=42699,localport=5269]
2015.12.31 09:45:21 org.jivesoftware.util.log.util.CommonsLogFactory - Closing statement 6cf1cdf0 (belonging to connection 3) automatically
2015.12.31 09:48:46 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Time out waiting for answer in validation from: riseup.net id: _key for domain: domain
2015.12.31 09:48:46 org.apache.mina.filter.ssl.SslFilter - Session Server[3](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=223 cap=4096: 3C 6D 65 73 73 61 67 65 20 69 64 3D 22 70 75 72...]
2015.12.31 09:48:46 org.jivesoftware.openfire.server.OutgoingSessionPromise - OutgoingSessionPromise: Error sending packet to remote server:
<message type="chat" id="purplea95d2101" to="user@riseup.net" from="user@domain/77281ecb">
  <active xmlns="http://jabber.org/protocol/chatstates"/>
  <body>test</body>
</message>
java.lang.Exception: Failed to create connection to remote server
        at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:279)
        at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:243)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)

Just performed a trace using wireshark and it goes something like this:

<riseup DNS lookup>
<connects to riseup.net>
<sends STREAM to riseup>
<gets STREAM from riseup>
<sends STARTTLS to riseup>
<gets PROCEED from riseup>
<SSLv2 client hello>
<TLSv1.2 server hello>
<gets certificate from riseup>
<sends certificate/key exchange to riseup>
<sends certificate verify/change cipher spec/encrypted handshake to riseup>
<gets change cipher spec/encrypted handshake from riseup>
<sends some encrypted data to riseup>
<gets some encrypted data from riseup>
<sends some encrypted data to riseup>
<incoming connection from riseup>
<gets STREAM from riseup>
<sends STREAM to riseup>
<sends FEATURES to riseup>
<gets STARTTLS from riseup>
<sends PROCEED to riseup>
<gets SSL client hello from riseup>
<sends FAILURE to riseup>
<sends STREAM END to riseup>
<second TCP connection is terminated>

I think the issue is in line 22/23.

Could you kindly again compile the latest code from github and see if dialback still fails? Guus did some work in this area.

OK I’ve pulled the latest from master and retried but the behaviour is the same, riseup sends an SSL client hello and openfire sends back ‘FAILURE’ then ‘STREAM END’ and disconnects.

Thanks for bearing with us. Could you have a look at your log files? I’ve added a massive amount of logging. Hopefully that will help to explain what’s going on.

For some reason using html tags isn’t working so I’ll try just pasting it unformatted this time:

In all.log:

2016.01.06 22:49:02 DEBUG [Socket Listener at port 5269]: org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=60935,localport=5269]

2016.01.06 22:49:02 DEBUG [Server SR - 825867896]: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: false

2016.01.06 22:49:02 WARN [Server SR - 825867896]: org.jivesoftware.openfire.net.SocketReadingMode - An exception occurred while performing STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@759b756a socket: Socket[addr=/198.252.153.234,port=60935,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@35ac4ccd status: 1 address: domain/8whowh1ig8 id: 8whowh1ig8)
java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:793)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
        at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
        at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
        at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
        at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
        at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
        at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
        at java.lang.Thread.run(Thread.java:744)
Caused by: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323)
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:687)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
        at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1208)
        at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1062)
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:889)
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1227)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
        … 7 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
        at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
        … 21 more

2016.01.06 22:49:02 DEBUG [Server SR - 825867896]: org.jivesoftware.openfire.net.BlockingReadingMode - Connection closed before session establishedSocket[addr=/198.252.153.234,port=60935,localport=5269]

2016.01.06 22:49:22 INFO [Thread-1]: org.jivesoftware.openfire.XMPPServer - Shutting down 50 modules …

2016.01.06 22:49:22 DEBUG [ShutdownHook]: org.jivesoftware.util.log.util.CommonsLogFactory - Running ShutdownHook

2016.01.06 22:49:22 DEBUG [Shutdown Hook]: org.jivesoftware.util.log.util.CommonsLogFactory - Shutting down ‘openfire’ pool immediately [Shutdown Hook]

in warn.log:

2016.01.06 22:47:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: 722edd8d-d722-4a12-97ab-c7c169cf58af)] - Ignoring unexpected answer while waiting for dialback validation: <stream:error xmlns:stream="http://etherx.jabber.org/streams"></stream:error>

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Unable to secure and authenticate connection: Exhausted all options.

2016.01.06 22:49:02 org.jivesoftware.openfire.net.SocketReadingMode - An exception occurred while performing STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@759b756a socket: Socket[addr=/198.252.153.234,port=60935,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@35ac4ccd status: 1 address: domain/8whowh1ig8 id: 8whowh1ig8)
java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:793)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
        at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
        at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
        at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
        at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
        at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
        at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
        at java.lang.Thread.run(Thread.java:744)
Caused by: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323)
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:687)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
        at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1208)
        at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1062)
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:889)
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1227)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
        … 7 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
        at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
        … 21 more

in debug.log:

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: 722edd8d-d722-4a12-97ab-c7c169cf58af)] - Failed to authenticate domain: Time out waiting for validation response.

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Dialback over TLS for: domain to: riseup.net (Stream ID: 722edd8d-d722-4a12-97ab-c7c169cf58af)] - Dialback over TLS failed

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Failed to authenticate with dialback.

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Unable to secure and authenticate the connection with TLS & SASL.

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Something went wrong so close the connection and try server dialback over a plain connection

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketConnection - Failed to deliver stream close tag: Socket closed

2016.01.06 22:49:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Unable to create a new session. Going to try connecting using server dialback as a fallback.

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: domain to RS at: riseup.net (port: 5269)] - Creating new outgoing session…

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain ‘riseup.net’ …

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain ‘riseup.net’ (default port: 5269) …

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ‘riseup.net’.

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269 (blocks up to 120000 ms) …

2016.01.06 22:49:01 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269!

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: domain to RS at: riseup.net (port: 5269)] - Send the stream header and wait for response…

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: domain to RS at: riseup.net (port: 5269)] - Got a response. Check if the remote server supports dialback…

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: domain to RS at: riseup.net (port: 5269)] - Dialback seems to be supported by the remote server.

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: d8842572-d505-472e-9025-f22ec15c8a96)] - Authenticating domain …

2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: d8842572-d505-472e-9025-f22ec15c8a96)] - Sending dialback key and wait for the validation response…

2016.01.06 22:49:02 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=60935,localport=5269]

2016.01.06 22:49:02 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: false

That’s an odd exception. We have another issue in our bugtracker that mentions it - it appears to be related to settings that are specific to the version of Java that is in use. Can you check if this verifies to your setup? [OF-636] CKR_DOMAIN_PARAMS_INVALID exception when creating SSL connection and using openjdk - Jive Software Open Source
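The failure pattern found in this thread is an outbound dialback that times out because the remote server's inbound verification connection to local port 5269 failed STARTTLS on the local side. The following is an added example (not Openfire code and not written by any poster) that correlates those two legs from a log by time window; the sample log is constructed, and all domains, IPs, ports and ids in it are placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the format of the Openfire log lines quoted in this
# thread. Domains, IPs, ports and ids are placeholders, not values from the page.
SAMPLE_LOG = """\
2016.01.06 22:45:30 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: remote.example id: k1 from domain: local.example
2016.01.06 22:45:31 DEBUG [Socket Listener at port 5269]: org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/192.0.2.10,port=60935,localport=5269]
2016.01.06 22:45:31 WARN [Server SR - 1]: org.jivesoftware.openfire.net.SocketReadingMode - An exception occurred while performing STARTTLS negotiation (with: conn socket: Socket[addr=/192.0.2.10,port=60935,localport=5269] session: s)
java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
2016.01.06 22:45:31 org.jivesoftware.openfire.net.BlockingReadingMode - Connection closed before session establishedSocket[addr=/192.0.2.10,port=60935,localport=5269]
2016.01.06 22:49:01 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Time out waiting for answer in validation from: remote.example id: k1 for domain: local.example
2016.01.06 22:50:00 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Sent dialback key to host: ok.example id: k2 from domain: local.example
2016.01.06 22:50:00 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.51.100.7,port=43480,localport=5269]
2016.01.06 22:50:00 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Validation GRANTED from: ok.example id: k2 for domain: local.example
"""

# Timestamp, optional "LEVEL [thread]: " prefix (all.log), logger, message.
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) (?:[A-Z]+ \[[^\]]*\]: )?(.+?) - (.*)$")
SOCK = re.compile(r"Socket\[addr=/([0-9A-Fa-f.:]+),port=(\d+),localport=5269\]")
SENT = re.compile(r"Sent dialback key to host: (\S+) id: (\S+)")
RESULT = (
    (re.compile(r"Validation GRANTED from: (\S+) id: (\S+)"), "granted"),
    (re.compile(r"Time out waiting for answer in validation from: (\S+) id: (\S+)"), "timeout"),
)


def parse_events(text):
    """Split the log into timestamped events; stack-trace lines attach to the previous event."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            at = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            events.append({"at": at, "msg": m.group(3), "extra": []})
        elif events and line.strip():
            events[-1]["extra"].append(line.strip())
    return events


def root_cause(extra):
    """Prefer the innermost 'Caused by:' line, else the first exception line."""
    causes = [l[len("Caused by: "):] for l in extra if l.startswith("Caused by: ")]
    return causes[-1] if causes else (extra[0] if extra else "STARTTLS negotiation failed")


def diagnose(text):
    """Return one record per outbound dialback attempt, with failed inbound legs attached."""
    attempts, inbound = [], {}
    for ev in parse_events(text):
        msg, at = ev["msg"], ev["at"]
        m = SENT.search(msg)
        if m:
            attempts.append({"host": m.group(1), "id": m.group(2), "sent": at,
                             "ended": None, "outcome": "pending", "inbound_failures": []})
            continue
        for rx, outcome in RESULT:
            m = rx.search(msg)
            if m:
                # Close the oldest pending attempt for this host/id (ids may repeat).
                for a in attempts:
                    if a["outcome"] == "pending" and (a["host"], a["id"]) == m.groups():
                        a["outcome"], a["ended"] = outcome, at
                        break
        sock = SOCK.search(msg)
        if not sock:
            continue
        peer = (sock.group(1), int(sock.group(2)))
        if msg.startswith("Connect Socket["):
            inbound[peer] = {"peer": peer, "opened": at, "error": None}
        elif peer in inbound and inbound[peer]["error"] is None:
            if "performing STARTTLS negotiation" in msg:
                inbound[peer]["error"] = root_cause(ev["extra"])
            elif "Connection closed before session established" in msg:
                inbound[peer]["error"] = "closed before session established"
    # Heuristic: the log does not tie an inbound socket to a domain, so a failed
    # inbound connection opened while the attempt was waiting is reported as a suspect.
    for a in attempts:
        if a["outcome"] == "timeout":
            a["inbound_failures"] = [c for c in inbound.values()
                                     if c["error"] and a["sent"] <= c["opened"] <= a["ended"]]
    return attempts


if __name__ == "__main__":
    for a in diagnose(SAMPLE_LOG):
        print(a["host"], a["outcome"], [(c["peer"], c["error"]) for c in a["inbound_failures"]])
```

A timeout with an attached inbound failure points at the local TLS stack or keystore rather than at the remote server; a timeout with no inbound connection at all points at reachability of port 5269 instead.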

Nice, seems to resolve the issue! Thanks for taking the time to check this. Debug now shows:

2016.01.07 20:41:51 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 2

2016.01.07 20:41:51 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 2

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - Start domain authentication …

2016.01.07 20:41:51 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 2

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) …

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessio$

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - There are no pre-existing session to other domains hosted on the remote domain.

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - Unable to re-use an existing session. Creating a new session …

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Creating new session…

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Creating plain socket connection to a host that belongs to the remote XMPP domain.

2016.01.07 20:41:51 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain ‘riseup.net’ …

2016.01.07 20:41:51 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain ‘riseup.net’ (default port: 5269) …

2016.01.07 20:41:51 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ‘riseup.net’.

2016.01.07 20:41:51 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269 (blocks up to 120000 ms) …

2016.01.07 20:41:51 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269!

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Send the stream header and wait for response…

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Got a response (stream ID: e2cc9ddb-65af-42a7-b2da-b76290d5b10b, version: 1.0). Check if the remote server is XMPP 1.0 compliant…

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - The remote server is XMPP 1.0 compliant (or at least reports to be).

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Processing stream features of the remote domain…

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Check if both us as well as the remote server have enabled STARTTLS and/or dialback …

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL…

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Securing and authenticating connection …

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Indicating we want TLS and wait for response.

2016.01.07 20:41:51 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Received ‘proceed’ from remote server. Negotiating TLS…

2016.01.07 20:41:51 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: false

2016.01.07 20:41:51 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 4 certificates.

2016.01.07 20:41:51 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to ignore any validity (expiry) issues, as instructed by configuration.

2016.01.07 20:41:51 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 4 certificates, using 163 trust anchors.

2016.01.07 20:41:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - TLS negotiation was successful. Connection secured. Proceeding with authentication…

2016.01.07 20:41:52 org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned []

2016.01.07 20:41:52 org.jivesoftware.util.CertificateManager - CertificateManager: Common Name Mapping returned [*.riseup.net]

2016.01.07 20:41:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - TLS negotiation was successful so initiate a new stream.

2016.01.07 20:41:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Remote server is offering dialback: true, EXTERNAL SASL:

2016.01.07 20:41:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Trying to authenticate with dialback.

2016.01.07 20:41:52 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Dialback over TLS for: domain to: riseup.net (Stream ID: d78215be-c39a-4c2e-9769-e58de33449c1)] - Trying to connecting using dialback over TLS.

2016.01.07 20:41:52 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: d78215be-c39a-4c2e-9769-e58de33449c1)] - Authenticating domain …

2016.01.07 20:41:52 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: d78215be-c39a-4c2e-9769-e58de33449c1)] - Sending dialback key and wait for the validation response…

2016.01.07 20:41:53 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/198.252.153.234,port=49279,localport=5269]

2016.01.07 20:41:53 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: false

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketConnection - Peer certificates have not been verified - there are no certificates to return for: null

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)

at org.jivesoftware.openfire.net.SocketConnection.getPeerCertificates(SocketConnection.java:452)

at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanismsElement(SASLAuthentication.java:200)

at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanisms(SASLAuthentication.java:183)

at org.jivesoftware.openfire.net.SocketReadingMode.tlsNegotiated(SocketReadingMode.java:117)

at org.jivesoftware.openfire.net.BlockingReadingMode.tlsNegotiated(BlockingReadingMode.java:183)

at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:139)

at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)

at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)

at java.lang.Thread.run(Thread.java:744)

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Validating domain…

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Check if the remote domain already has a connection to the target domain/subdomain

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Checking to see if the remote server provides stronger authentication based on SASL. If that’s the case, dialba$

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketConnection - Peer certificates have not been verified - there are no certificates to return for: null

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)

at org.jivesoftware.openfire.net.SocketConnection.getPeerCertificates(SocketConnection.java:452)

at org.jivesoftware.openfire.server.ServerDialback.validateRemoteDomain(ServerDialback.java:518)

at org.jivesoftware.openfire.session.LocalIncomingServerSession.validateSubsequentDomain(LocalIncomingServerSession.java:248)

at org.jivesoftware.openfire.net.ServerSocketReader.processUnknowPacket(ServerSocketReader.java:143)

at org.jivesoftware.openfire.net.SocketReader.process(SocketReader.java:242)

at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:168)

at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)

at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)

at java.lang.Thread.run(Thread.java:744)

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Unable to authenticate host based on stronger SASL. Proceeding with dialback…

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain ‘riseup.net’ …

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain ‘riseup.net’ (default port: 5269) …

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ‘riseup.net’.

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269 (blocks up to 120000 ms) …

2016.01.07 20:41:54 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain ‘riseup.net’ using remote host: xmpp.riseup.net:5269!

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Verifying dialback key…

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Verifying key …

2016.01.07 20:41:54 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Send the Authoritative Server a stream header and wait for answer.

2016.01.07 20:41:55 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Got a response.

2016.01.07 20:41:55 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - The remote server is XMPP 1.0 compliant (or at least reports to be).

2016.01.07 20:41:55 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Negotiating TLS with AS…

2016.01.07 20:41:55 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: false

2016.01.07 20:41:55 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 4 certificates.

2016.01.07 20:41:55 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to ignore any validity (expiry) issues, as instructed by configuration.

2016.01.07 20:41:55 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 4 certificates, using 163 trust anchors.

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Successfully negotiated TLS with AS…

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Send the Authoritative Server a stream header and wait for answer.

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Got a response.

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - The remote server is XMPP 1.0 compliant (or at least reports to be).

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Request for verification of the key and wait for response

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Key was VERIFIED by the Authoritative Server.

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: riseup.net for OS: domain (id yr1k7pppw)] - Successfully verified key!

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Dialback key isvalid. Sending verification result to remote domain.

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:domain(id yr1k7pppw) for OS: riseup.net] - Successfully validated domain!

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Authoritative Server: Verify key sent by RS: riseup.net (id d78215be-c39a-4c2e-9769-e58de33449c1)] - Verifying key…

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Authoritative Server: Verify key sent by RS: riseup.net (id d78215be-c39a-4c2e-9769-e58de33449c1)] - Verification successful! Key was: VALID

2016.01.07 20:41:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: domain with RS: riseup.net (id: d78215be-c39a-4c2e-9769-e58de33449c1)] - Authenticated succeeded!

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Dialback over TLS for: domain to: riseup.net (Stream ID: d78215be-c39a-4c2e-9769-e58de33449c1)] - Dialback over TLS was successful.

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Successfully authenticated with dialback.

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: domain to: riseup.net] - Successfully secured and authenticated connection!

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Successfully secured/authenticated the connection with TLS/SASL)!

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: domain to riseup.net] - Successfully created new session!

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - Created a new session.

2016.01.07 20:41:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: ‘domain’ to remote domain: ‘riseup.net’] - Authentication successful.

2016.01.07 20:41:56 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=275 cap=4096: 3C 6D 65 73 73 61 67 65 20 74 79 70 65 3D 22 63…]

2016.01.07 20:41:56 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2

Queue : [MESSAGE_SENT, ]