Can't send messages to other servers

I am trying to debug an issue where i can’t talk to users on other servers. Whatever i try, i always get this:

2022.11.02 21:28:40 WARN [pool-5-thread-1]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: {home.hacker3000.cf -> xmpp.jp}] - An exception occurred while creating an encrypted session. Closing connection.
java.io.EOFException: input contained no data
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3003) ~[xpp3-1.1.4c.jar:?]
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.net.MXParser.more(MXParser.java:372) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:337) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:489) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:356) [xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:212) [xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.establishConnection(OutgoingSessionPromise.java:296) [xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:252) [xmppserver-4.7.3.jar:4.7.3]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_332]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_332]
    at java.lang.Thread.run(Thread.java:750) [?:1.8.0_332]
2022.11.02 21:28:40 INFO [pool-5-thread-1]: org.jivesoftware.util.cache.CacheFactory - Created cache [org.jivesoftware.util.cache.DefaultLocalCacheStrategy] for Secret Keys Cache
2022.11.02 21:29:11 WARN [pool-5-thread-1]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: home.hacker3000.cf with a RS in the domain of: xmpp.jp (id: 6931467984129225658)] - Ignoring unexpected answer while waiting for dialback validation: <stream:error xmlns:stream="http://etherx.jabber.org/streams"><connection-timeout xmlns="urn:ietf:params:xml:ns:xmpp-streams"></connection-timeout><text xmlns="urn:ietf:params:xml:ns:xmpp-streams" xml:lang="en">Idle connection</text></stream:error>
2022.11.02 21:29:11 WARN [Server SR - 1703343968]: org.jivesoftware.openfire.net.BlockingReadingMode - Stream error detected. Session: LocalIncomingServerSession{address=home.hacker3000.cf/4m175esc31, streamID=4m175esc31, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=home.hacker3000.cf, defaultIdentity=xmpp.jp, validatedDomains={}}
javax.net.ssl.SSLException: Tag mismatch!
    at sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[?:1.8.0_332]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_332]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_332]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_332]
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:588) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:544) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:411) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:390) ~[?:1.8.0_332]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626) ~[?:1.8.0_332]
    at org.jivesoftware.openfire.net.TLSWrapper.unwrap(TLSWrapper.java:154) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.TLSStreamReader.decrypt(TLSStreamReader.java:117) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.TLSStreamReader.doRead(TLSStreamReader.java:80) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.TLSStreamReader.access$000(TLSStreamReader.java:32) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.TLSStreamReader$1.read(TLSStreamReader.java:167) ~[xmppserver-4.7.3.jar:4.7.3]
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284) ~[?:1.8.0_332]
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326) ~[?:1.8.0_332]
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) ~[?:1.8.0_332]
    at java.io.InputStreamReader.read(InputStreamReader.java:184) ~[?:1.8.0_332]
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992) ~[xpp3-1.1.4c.jar:?]
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.net.MXParser.more(MXParser.java:372) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:337) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[xpp3-1.1.4c.jar:?]
    at org.jivesoftware.openfire.net.BlockingReadingMode.tlsNegotiated(BlockingReadingMode.java:201) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:145) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:81) [xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.7.3.jar:4.7.3]
    at java.lang.Thread.run(Thread.java:750) [?:1.8.0_332]
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
    at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620) ~[sunjce_provider.jar:1.8.0_332]
    at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116) ~[sunjce_provider.jar:1.8.0_332]
    at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053) ~[sunjce_provider.jar:1.8.0_332]
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941) ~[sunjce_provider.jar:1.8.0_332]
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491) ~[sunjce_provider.jar:1.8.0_332]
    at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779) ~[?:1.8.0_332]
    at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) ~[?:1.8.0_332]
    at javax.crypto.Cipher.doFinal(Cipher.java:2463) ~[?:1.8.0_332]
    at sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) ~[?:1.8.0_332]
    at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) ~[?:1.8.0_332]
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109) ~[?:1.8.0_332]
    ... 25 more
2022.11.02 21:31:11 WARN [pool-5-thread-1]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: home.hacker3000.cf to a RS in the domain of: xmpp.jp (port: 5269)] - Unable to create a new outgoing session
2022.11.02 21:31:11 WARN [pool-5-thread-1]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: {home.hacker3000.cf -> xmpp.jp}] - Unable to create a new session: Dialback (as a fallback) failed.
2022.11.02 21:31:11 WARN [pool-5-thread-1]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'home.hacker3000.cf' to remote domain: 'xmpp.jp'] - Unable to authenticate: Fail to create new session.
2022.11.02 21:31:11 WARN [pool-5-thread-1]: org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor - An exception occurred while trying to establish a connection for {home.hacker3000.cf -> xmpp.jp}
java.lang.Exception: Failed to create connection to remote server
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.establishConnection(OutgoingSessionPromise.java:309) ~[xmppserver-4.7.3.jar:4.7.3]
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:252) [xmppserver-4.7.3.jar:4.7.3]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_332]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_332] 

Version: Openfire 4.7.3
Java Version: 1.8.0_332 Oracle Corporation – OpenJDK 64-Bit Server VM
Appserver: jetty/9.4.43.v20210629

s2s settings1555×788 22.6 KB

Sending server to server ping request to xmpp.jp
An exception occurred while creating an encrypted session. Closing connection.
java.io.EOFException: input contained no data
	at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3003) ~[xpp3-1.1.4c.jar:?]
	at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.net.MXParser.more(MXParser.java:372) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:337) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:489) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:356) [xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:212) [xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.establishConnection(OutgoingSessionPromise.java:296) [xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:252) [xmppserver-4.7.3.jar:4.7.3]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_332]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_332]
	at java.lang.Thread.run(Thread.java:750) [?:1.8.0_332]
Ignoring unexpected answer while waiting for dialback validation: <stream:error xmlns:stream="http://etherx.jabber.org/streams"><connection-timeout xmlns="urn:ietf:params:xml:ns:xmpp-streams"></connection-timeout><text xmlns="urn:ietf:params:xml:ns:xmpp-streams" xml:lang="en">Idle connection</text></stream:error>
Stream error detected. Session: LocalIncomingServerSession{address=home.hacker3000.cf/6h4rw5wrxi, streamID=6h4rw5wrxi, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=home.hacker3000.cf, defaultIdentity=xmpp.jp, validatedDomains={}}
javax.net.ssl.SSLException: Tag mismatch!
	at sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[?:1.8.0_332]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_332]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_332]
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_332]
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:588) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:544) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:411) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:390) ~[?:1.8.0_332]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626) ~[?:1.8.0_332]
	at org.jivesoftware.openfire.net.TLSWrapper.unwrap(TLSWrapper.java:154) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.TLSStreamReader.decrypt(TLSStreamReader.java:117) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.TLSStreamReader.doRead(TLSStreamReader.java:80) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.TLSStreamReader.access$000(TLSStreamReader.java:32) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.TLSStreamReader$1.read(TLSStreamReader.java:167) ~[xmppserver-4.7.3.jar:4.7.3]
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284) ~[?:1.8.0_332]
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326) ~[?:1.8.0_332]
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) ~[?:1.8.0_332]
	at java.io.InputStreamReader.read(InputStreamReader.java:184) ~[?:1.8.0_332]
	at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992) ~[xpp3-1.1.4c.jar:?]
	at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.net.MXParser.more(MXParser.java:372) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:337) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[xpp3-1.1.4c.jar:?]
	at org.jivesoftware.openfire.net.BlockingReadingMode.tlsNegotiated(BlockingReadingMode.java:201) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:145) ~[xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:81) [xmppserver-4.7.3.jar:4.7.3]
	at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.7.3.jar:4.7.3]
	at java.lang.Thread.run(Thread.java:750) [?:1.8.0_332]
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
	at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620) ~[sunjce_provider.jar:1.8.0_332]
	at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116) ~[sunjce_provider.jar:1.8.0_332]
	at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053) ~[sunjce_provider.jar:1.8.0_332]
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941) ~[sunjce_provider.jar:1.8.0_332]
	at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491) ~[sunjce_provider.jar:1.8.0_332]
	at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779) ~[?:1.8.0_332]
	at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) ~[?:1.8.0_332]
	at javax.crypto.Cipher.doFinal(Cipher.java:2463) ~[?:1.8.0_332]
	at sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) ~[?:1.8.0_332]
	at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) ~[?:1.8.0_332]
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109) ~[?:1.8.0_332]
	... 25 more
Unable to process data send through inbound connection from /192.241.200.116 to file transfer proxy: Only SOCKS5 supported. Peer is sending something that is incompatible.
Failed to establish server to server session.

forgot to include the s2s connection test

This seems to be an issue with TLSv1.3, maybe [OF-2435] - Ignite Realtime Jira

Try disabling TLSv1.3 in the Openfire admin console (you showed a screenshot of the page where that can be done) and try again.

Jumping on to say thanks for this. I encountered this issue as well.
I’m at a loss. What is the resolution? Not having 1.3 is a pretty important concern. Although the issues appear to be resolved/pulled?

There’s a workaround that can be applied by clients, that involves introducing a one-millisecond delay. Details here: Improve TLSv1.3 compatibility by netmikey · Pull Request #912 · xmppjs/xmpp.js · GitHub

To introduce stable support for TLSv1.3, we’re switching the networking library that’s used by Openfire from MINA to Netty. This effort is documented in [OF-2559] - Ignite Realtime Jira.

It is expected that after the migration to Netty, TLSv1.3 support will work without further work.

Hmm using the latest Gajim I would have expected them to be on top of any important mitigations like this.

Perhaps I’ll have to go there and raise an issue and see what’s up.