Hi,
I’m working as a developer sustaining an application which is basically an instant messaging app. Our customer wants to log in to an XMPP server over VPN. For security reasons, they do not want any entries in the Windows hosts file, and DNS over VPN is also forbidden (I don’t know the exact reason, but it’s a fact). They will connect to the XMPP server by using its IP address and they are aware of it.
The problem is that during the XMPP login process the TLS handshake breaks. XMPPConnection.connect executes fine, but XMPPConnection.login fails.
Here are the XMPP messages sent:
<stream:stream to="pasternak.pst" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
my_username
<stream:stream to="pasternak.pst" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
<stream:stream to="pasternak.pst" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
</stream:stream>
and received:
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en-US.UTF-8' id='48C183909B1' from='pasternak.pst' version='1.0'>
<stream:features></stream:features>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en-US.UTF-8' id='48D5D924CBD' from='pasternak.pst' version='1.0'>
<stream:features></stream:features>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en-US.UTF-8' id='48D5D924CBD' from='pasternak.pst' version='1.0'>
<stream:features>PLAINUSER_DEFINED_MECHANISM</stream:features>
Here is the output:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.waitForClose(Unknown Source)
at sun.security.ssl.HandshakeOutStream.flush(Unknown Source)
at sun.security.ssl.Handshaker.kickstart(Unknown Source)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:806)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:26
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:43)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
connection.login() Exception
No response from the server.:
I have reproduced it on my machine by manually blocking remote port 53 (DNS).
After a few days of investigation I found the following issue: SMACK-344.
org.jivesoftware.smack.SASLAuthentication - currentMechanism.authenticate(username,connection.getServiceName(), password);
That’s why I thought that by switching from smack-3.1.0, which is used in our application, to smack-3.2.2, the problem would be solved. But I’m still experiencing this issue in my test app.
Basically, my question is: is there any way to avoid DNS reverse lookup during XMPPConnection.login()?
Any other hint is also appreciated.
Regards,
Nebojsa
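
As an added example (not part of the original post and not Smack's own code): the JDK performs a reverse lookup in `InetAddress.getHostName()` only when the address object has no host name attached, so a `SocketFactory` that builds its addresses with `InetAddress.getByAddress(name, bytes)` keeps that call off the resolver. It assumes the TLS upgrade takes the peer name from the socket's `InetAddress` and that the factory is handed to Smack through `ConnectionConfiguration.setSocketFactory`; the class name `PinnedNameSocketFactory` and the address 192.0.2.10 are constructed for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;

/** Sockets from this factory carry a preset host name, so getHostName() needs no PTR query. */
public class PinnedNameSocketFactory extends SocketFactory {
    // Name the TLS layer should see; assumption: the XMPP service name on the certificate.
    private final String pinnedName;

    public PinnedNameSocketFactory(String pinnedName) {
        this.pinnedName = pinnedName;
    }

    /** Attach pinnedName to an address; getByAddress() never consults a name service. */
    private InetAddress pin(InetAddress addr) throws IOException {
        return InetAddress.getByAddress(pinnedName, addr.getAddress());
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        // For an IP literal getByName() only parses the text. A host name passed
        // here would still cause a forward lookup, so callers must pass the IP.
        return new Socket(pin(InetAddress.getByName(host)), port);
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return new Socket(pin(host), port);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return new Socket(pin(InetAddress.getByName(host)), port, local, localPort);
    }

    @Override
    public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort) throws IOException {
        return new Socket(pin(host), port, local, localPort);
    }

    public static void main(String[] args) throws IOException {
        // 192.0.2.10 is a constructed documentation address (RFC 5737), not the poster's server.
        PinnedNameSocketFactory factory = new PinnedNameSocketFactory("pasternak.pst");
        InetAddress pinned = factory.pin(InetAddress.getByName("192.0.2.10"));
        System.out.println(pinned.getHostName() + " -> " + pinned.getHostAddress());
    }
}
```

Running `main` with DNS blocked shows that the pinned address answers `getHostName()` without any resolver traffic; whether this removes the lookup inside a given Smack version depends on the assumption stated above.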