powered by Jive Software

Connect to OF with Smack 4.1.8 via SSL (Port 5223)

Hi everybody,

I have a little problem: I want to connect to my Openfire server with Smack 4.1.8 via SSL (Port: 5223). I use the folowing code:

config = XMPPTCPConnectionConfiguration.builder()

 .setServiceName(SERVICENAME)

 .setHost("127.0.0.1")

 .setPort(5223)

 .setCompressionEnabled(**true**)

  .setDebuggerEnabled(**true**)

  .setSocketFactory(SSLSocketFactory.*getDefault*())

  .setUsernameAndPassword(USERNAME, PASSWORD)

  .setSecurityMode(SecurityMode.***required***)

  .build();

connection = new XMPPTCPConnection(config);

connection.setPacketReplyTimeout(3000);

connection.connect();

connection.login();

But everytime I get a timeout.

On the server side it tells me: SSL Handshake failed.

And if I use the DummySSLFactory, i get:

java.net.SocketException: Unconnected sockets not implemented

at javax.net.SocketFactory.createSocket(SocketFactory.java:125)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:573)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:851)

at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)

at de.smacktest.sender.ID_RegistrationClient.login(ID_RegistrationClient.java:62)

at de.smacktest.sender.ID_RegistrationClient.(ID_RegistrationClient.java:41)

at de.smacktest.App.main(App.java:15)

Caused by: java.lang.UnsupportedOperationException

at javax.net.SocketFactory.createSocket(SocketFactory.java:123)

… 6 more

Sorry, I am quite new to SSL. Do I need a certificate? How to create or import a certificate?

If anyone could help me out, it would be great

Thank you

You should use 5222 port. 5223 is obsolete legacy port.

… same problem

If you use 5222, which you should, then don’t set a SSLSocketFactory as SocketFactory.

…but then I’m getting:

Error

org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1029)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:956)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:971)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:769)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java :140)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1022)

… 3 more

Your SSLContext is not able to build a valid trust path from the certs in the trust store to the cert presented. Your options are:

  • Find a cert which when put in the trust store establishes a valid trust chain

  • Install a end-entity certificate which has a valid trust path on the service

  • Use TLS pinning (e.g. java-pinning) on the client side

  • Use TOFU principe for trust the certificate (e.g. Memorizing Trust Manager for Android).

  • Accept all certificate (Don’t do that)

  • Don’t use TLS

Please also read up on TLS and make sure to understand how it works before you try to secure connections via TLS.