powered by Jive Software

Can't connect Xabber with OpenFire

Hello.
I have clear install OpenFire 4.1.6 (x64).
I publish port 5222, 5269 on my firewall’s WAN interface and trying to connect any external XMPP client with server.

  • any desktop xmpp clients are work fine from Internet (I try Psi, Pidgin, Miranda and Spark)
  • mobile xmpp-clients - not so good. I fine some mobile cliemts which are working, but i still can’t force to work my favorite app - Xabber. It’s just not connecting to server.

I try to debug connection and see the next:
part of Xabber debug Log (i cahnge real JID to “testuser@mydomain” and my real domain name to “mydomain” for security reasons, sorry)


2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 30000ms (~30s). While waiting for establishing TLS
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ org.jivesoftware.smack.SynchronizationPoint.checkForResponse(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ org.jivesoftware.smack.AbstractXMPPConnection.connect(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ com.xabber.android.data.connection.ConnectionThread.connectAndLogin(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ com.xabber.android.data.connection.ConnectionThread$1.run(Unknown Source)
2017-10-19_13-14-59 E/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ java.lang.Thread.run(Thread.java:818)
2017-10-19_13-14-59 D/ConnectionThread: testuser@mydomain/Xabber_ddd﹕ There was no successful connection, disabling account
2017-10-19_13-14-59 D/org.jivesoftware.smack.tcp.XMPPTCPConnection﹕ PacketWriter has been shut down
2017-10-19_13-14-59 D/org.jivesoftware.smack.tcp.XMPPTCPConnection﹕ PacketReader shutdown()
2017-10-19_13-14-59 D/org.jivesoftware.smack.tcp.XMPPTCPConnection﹕ PacketReader has been shut down
2017-10-19_13-14-59 W/org.jivesoftware.smack.AbstractXMPPConnection: Connection XMPPTCPConnection[not-authenticated] (2) closed with error
2017-10-19_13-14-59 W/org.jivesoftware.smack.AbstractXMPPConnection: javax.net.ssl.SSLProtocolException: Read error: ssl=0x7f72591b80: Failure in SSL library, usually a protocol error
error:0c0890ba:ASN.1 encoding routines:asn1_check_tlen:WRONG_TAG (external/boringssl/src/crypto/asn1/tasn_dec.c:1313 0x7f863c60f8:0x00000000)
error:0c09309d:ASN.1 encoding routines:asn1_template_ex_d2i:NESTED_ASN1_ERROR (external/boringssl/src/crypto/asn1/tasn_dec.c:572 0x7f7177ee00:0x00000001)
error:0c09409d:ASN.1 encoding routines:asn1_template_noexp_d2i:NESTED_ASN1_ERROR (external/boringssl/src/crypto/asn1/tasn_dec.c:735 0x7f863c60f8:0x00000000)
error:0c07909d:ASN.1 encoding routines:ASN1_item_ex_d2i:NESTED_ASN1_ERROR (external/boringssl/src/crypto/asn1/tasn_dec.c:343 0x7f71dec260:0x00000001)
error:0c09409d:ASN.1 encoding routines:asn1_template_noexp_d2i:NESTED_ASN1_ERROR (external/boringssl/src/crypto/asn1/tasn_dec.c:711 0x7f863c60f8:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:720)
at java.io.InputStreamReader.read(InputStreamReader.java:233)
at java.io.BufferedReader.read(BufferedReader.java:325)
at org.jivesoftware.smack.util.ObservableReader.read(Unknown Source)
at org.kxml2.io.KXmlParser.fillBuffer(KXmlParser.java:1515)
at org.kxml2.io.KXmlParser.peekType(KXmlParser.java:992)
at org.kxml2.io.KXmlParser.next(KXmlParser.java:349)
at org.kxml2.io.KXmlParser.next(KXmlParser.java:313)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(Unknown Source)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(Unknown Source)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:818)


and at Openfire’s side i see the next (don’t pay your attention to time, it’s not the same connection, but one of the many exactly the same)


2017.10.19 13:50:02 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_OPENED to session 119
Queue : [SESSION_OPENED, ]

2017.10.19 13:50:02 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 119
Queue : [MESSAGE_RECEIVED, ]

2017.10.19 13:50:02 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 119
2017.10.19 13:50:02 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 119
Queue : [MESSAGE_SENT, ]

2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘ANONYMOUS’ as it has been disabled by configuration.
2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘SCRAM-SHA-1’ as the AuthFactory that’s in used does not support password retrieval nor SCRAM.
2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘GSSAPI’ as the ‘sasl.gssapi.config’ property has not been defined.
2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘CRAM-MD5’ as the AuthFactory that’s in used does not support password retrieval.
2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘DIGEST-MD5’ as the AuthFactory that’s in used does not support password retrieval.
2017.10.19 13:50:02 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘JIVE-SHAREDSECRET’ as it has been disabled by configuration.
2017.10.19 13:50:02 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 119
Queue : [MESSAGE_SENT, , MESSAGE_SENT, ]

2017.10.19 13:50:02 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 119
Queue : [MESSAGE_RECEIVED, ]

2017.10.19 13:50:02 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 119
2017.10.19 13:50:02 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true
2017.10.19 13:50:02 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter tls to the chain
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server[119](no sslEngine) Initializing the SSL Handler
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server[119](no sslEngine) SSL Handler Initialization done.
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119 : Starting the first handshake
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=50 cap=64: 3C 70 72 6F 63 65 65 64 20 78 6D 6C 6E 73 3D 22…]
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119: Message received : HeapBuffer[pos=0 lim=198 cap=1024: 16 03 01 00 C1 01 00 00 BD 03 03 BD F7 BE B1 3C…]
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 Processing the received message
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_TASK state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_WRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=16389 cap=16921: 16 03 03 40 00 02 00 00 4D 03 03 59 E8 83 5A 30…]
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_WRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=4004 cap=4230: 16 03 03 0F 9F 30 26 06 03 55 04 03 0C 1F 45 2D…]
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:02 org.apache.mina.filter.ssl.SslFilter - Session Server119: Processing the SSL Data
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Message received : HeapBuffer[pos=0 lim=138 cap=1024: 16 03 03 00 07 0B 00 00 03 00 00 00 16 03 03 00…]
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 Processing the received message
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_TASK state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_TASK state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_UNWRAP state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_WRAP state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 03 00 01 01]
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the NEED_WRAP state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=45 cap=66: 16 03 03 00 28 00 00 00 00 00 00 00 00 84 49 4D…]
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the FINISHED state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 is now secured
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 processing the FINISHED state
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 is now secured
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Processing the SSL Data
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Message received : HeapBuffer[pos=0 lim=206 cap=512: 17 03 03 00 C9 00 00 00 00 00 00 00 01 08 54 C6…]
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslHandler - Session Server119 Processing the received message
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Processing the SSL Data
2017.10.19 13:50:03 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 119
Queue : [MESSAGE_RECEIVED, ]

2017.10.19 13:50:03 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 119
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘ANONYMOUS’ as it has been disabled by configuration.
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘SCRAM-SHA-1’ as the AuthFactory that’s in used does not support password retrieval nor SCRAM.
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘GSSAPI’ as the ‘sasl.gssapi.config’ property has not been defined.
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘CRAM-MD5’ as the AuthFactory that’s in used does not support password retrieval.
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘DIGEST-MD5’ as the AuthFactory that’s in used does not support password retrieval.
2017.10.19 13:50:03 org.jivesoftware.openfire.net.SASLAuthentication - Cannot support ‘JIVE-SHAREDSECRET’ as it has been disabled by configuration.
2017.10.19 13:50:03 org.jivesoftware.openfire.nio.NIOConnection - Peer does not offer certificates in session: org.jivesoftware.openfire.session.LocalClientSession@45c8b6f0 status: 1 address: mydomain/aog4yghpuy id: aog4yghpuy presence:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.jivesoftware.openfire.nio.NIOConnection.getPeerCertificates(NIOConnection.java:201)
at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanismsElement(SASLAuthentication.java:206)
at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanisms(SASLAuthentication.java:182)
at org.jivesoftware.openfire.net.StanzaHandler.tlsNegotiated(StanzaHandler.java:439)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:137)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:181)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:769)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:761)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:703)
at java.lang.Thread.run(Unknown Source)
2017.10.19 13:50:03 org.apache.mina.filter.ssl.SslFilter - Session Server119: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=415 cap=512: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 27 31…]
2017.10.19 13:50:03 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 119
Queue : [MESSAGE_SENT, ]

2017.10.19 13:50:32 org.apache.mina.filter.ssl.SslFilter - Session Server119: Message received : HeapBuffer[pos=0 lim=31 cap=512: 15 03 03 00 1A 00 00 00 00 00 00 00 02 7E A7 73…]
2017.10.19 13:50:32 org.apache.mina.filter.ssl.SslHandler - Session Server119 Processing the received message
2017.10.19 13:50:32 org.apache.mina.filter.ssl.SslFilter - Session Server119: Processing the SSL Data
2017.10.19 13:50:32 org.apache.mina.filter.ssl.SslFilter - Session Server[119]: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=31 cap=33: 15 03 03 00 1A 00 00 00 00 00 00 00 02 3C B9 DB…]
2017.10.19 13:50:32 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 119
Queue : [EXCEPTION_CAUGHT, ]

2017.10.19 13:50:32 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 119
Queue : [EXCEPTION_CAUGHT, , SESSION_CLOSED, ]


I see error with establishing TLS-connection, but i can;t understand what the problem.
When i disable “secure connection” on Openfire side - Xabber works fine
When i enable “secure connection” on Openfire side - Xabber can’t connect, but other mobile XMPP clients are working (not ALL CLIENTS, but some of ).

Openfire use selfsigned sertificate, if it matters.
And i try to use “old style SSL” with port 5223 - xabber still not working although with a some different error.