Cannot connect using SSL/TLS

I am using Wildfire 3.1.1 w/ Spark 2.4.1 or 2.0.8.

I can access the admin web page fine using SSL on port 9091.

I can connect w/ my client on port 5222

I get the following errors when I try to connect my Spark client on port 5223:

client error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)

at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)

at sun.nio.cs.StreamDecoder.implRead(Unknown Source)

at sun.nio.cs.StreamDecoder.read(Unknown Source)

at java.io.InputStreamReader.read(Unknown Source)

at java.io.BufferedReader.read1(Unknown Source)

at java.io.BufferedReader.read(Unknown Source)

at org.jivesoftware.smack.util.ObservableReader.read(ObservableReader.java:42)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:398)

at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:45)

at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:77)

server debug error:

2007.02.02 15:14:04 SSL Connect b5c292[SSL_NULL_WITH_NULL_NULL: Socket[addr=/[edited machine IP address],port=1264,localport=5223]]

2007.02.02 15:14:04 Error creating session

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)

at org.jivesoftware.wildfire.net.ServerTrafficCounter$InputStreamWrapper.read(ServerTrafficCounter.java:183)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)

at sun.nio.cs.StreamDecoder.read(Unknown Source)

at java.io.InputStreamReader.read(Unknown Source)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:331)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.wildfire.net.SocketReader.createSession(SocketReader.java:435)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:53)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)

at java.lang.Thread.run(Unknown Source)

2007.02.02 15:14:04 Connection closed before session established

I've read through the forums, but I cannot find a solution to this issue. I'm also using LDAP authentication. When I connect using port 5223 it throws up a username or password not valid error, but I can connect fine on port 5222.

Any ideas?

Hi,

Spark does not support SSL (port 5223) any more.

Use port 5222 (TLS or plaintext), you can configure Wildfire to require TLS.

LG

Thanks for the reply, but I'm still a bit unclear…

In the server admin console it states:

2: IP:Port, Security: IPADDRESS:5223, TLS (SSL)

How can I tell if a client is connected via TLS if it is on port 5222?

In the admin console, go to the “Security Settings” page. You can select “Required” for clients, meaning clients are not allowed to connect without either SSL or TLS.

shamploo wrote:

How can I tell if a client is connected via TLS if it is on port 5222?

There's a small lock next to people using encryption on the user sessions page.

Hi,

IP:Port, Security: 127.0.0.1:5222, NORMAL

is a display bug of Wildfire 3.1.1.

Wildfire 3.2 displays:

5222 Client to Server The standard port for clients to connect to the server. Connections may or may not be encrypted. You can update the security settings for this port.

5223 Client to Server The port used for clients to connect to the server using the old SSL method. The old SSL method is not an XMPP standard method and will be deprecated in the future. You can update the security settings for this port.

As Alumno said, the locked lock tells you that the connection is secure.

LG
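
An added example, not part of the thread and not Wildfire or Spark code: a small check of what a client port actually speaks, separating the old SSL method on 5223 (a TLS record arrives first) from the standard port 5222 (a plaintext XMPP stream header that may advertise STARTTLS as optional or required). The function names, the `chat.example.test` domain and the sample server reply are constructed for illustration; the namespaces are the standard XMPP ones.

```python
import socket
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: server reply on a STARTTLS port with TLS set to required.
SAMPLE_REQUIRED = (
    b"<?xml version='1.0' encoding='UTF-8'?>"
    b"<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
    b"xmlns='jabber:client' from='chat.example.test' id='abc123' version='1.0'>"
    b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
    b"<required/></starttls></stream:features>"
)

def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS record apart from a plaintext XMPP stream header."""
    # TLS record header: content type 0x14-0x17, then major version 0x03.
    if len(data) >= 2 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return "tls-record"
    if data.startswith(b"<"):
        return "plaintext-xml"
    return "unknown"

def starttls_policy(data: bytes) -> str:
    """Return 'required', 'optional', 'absent' or 'no-features'."""
    if classify_first_bytes(data) != "plaintext-xml":
        return "no-features"
    parser = ET.XMLPullParser(events=("end",))  # copes with the unclosed stream
    parser.feed(data)
    for _, elem in parser.read_events():
        if elem.tag == f"{{{STREAM_NS}}}features":
            tls = elem.find(f"{{{TLS_NS}}}starttls")
            if tls is None:
                return "absent"
            req = tls.find(f"{{{TLS_NS}}}required")
            return "required" if req is not None else "optional"
    return "no-features"

def probe(host: str, port: int, domain: str, timeout: float = 5.0):
    """Send a plaintext stream header and report what the port answers."""
    header = (f"<?xml version='1.0'?><stream:stream to='{domain}' "
              f"xmlns='jabber:client' xmlns:stream='{STREAM_NS}' version='1.0'>")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        while b"</stream:features>" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_first_bytes(data), starttls_policy(data)
```

Run `probe()` against your own server's port 5222 after changing the security setting: `('plaintext-xml', 'required')` means clients cannot stay unencrypted on that port.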

How do you disable TLS in Spark? I don't want the extra overhead of TLS for in-house people… I only require it for our remote users. In Pandion I just set it in the brand.xml file, but I'm planning to switch to Spark soon.

Thanks,

Josh

Anyone?

Hi Josh,

Spark has no option to require or to disable TLS.

LG

PS: If you have other new questions please open a new thread. If they are related to Spark like this one then the Spark forum is the much better place to post.