Connect to OF with Smack 4.1.8 via SSL (Port 5223)

Hi everybody,

I have a little problem: I want to connect to my Openfire server with Smack 4.1.8 via SSL (Port: 5223). I use the following code:

    config = XMPPTCPConnectionConfiguration.builder()
            .setServiceName(SERVICENAME)
            .setHost("127.0.0.1")
            .setPort(5223)
            .setCompressionEnabled(true)
            .setDebuggerEnabled(true)
            .setSocketFactory(SSLSocketFactory.getDefault())
            .setUsernameAndPassword(USERNAME, PASSWORD)
            .setSecurityMode(SecurityMode.required)
            .build();

    connection = new XMPPTCPConnection(config);
    connection.setPacketReplyTimeout(3000);
    connection.connect();
    connection.login();

But every time I get a timeout.

On the server side it tells me: SSL Handshake failed.

And if I use the DummySSLFactory, I get:

    java.net.SocketException: Unconnected sockets not implemented
        at javax.net.SocketFactory.createSocket(SocketFactory.java:125)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:573)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:851)
        at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)
        at de.smacktest.sender.ID_RegistrationClient.login(ID_RegistrationClient.java:62)
        at de.smacktest.sender.ID_RegistrationClient.<init>(ID_RegistrationClient.java:41)
        at de.smacktest.App.main(App.java:15)
    Caused by: java.lang.UnsupportedOperationException
        at javax.net.SocketFactory.createSocket(SocketFactory.java:123)
        … 6 more

Sorry, I am quite new to SSL. Do I need a certificate? How to create or import a certificate?

If anyone could help me out, it would be great

Thank you

You should use port 5222. 5223 is an obsolete legacy port.

… same problem

If you use 5222, which you should, then don’t set an SSLSocketFactory as SocketFactory.

…but then I’m getting:

Error

    org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1029)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:956)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:971)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:769)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java:140)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1022)
        … 3 more

Your SSLContext is not able to build a valid trust path from the certs in the trust store to the cert presented. Your options are:

  • Find a cert which when put in the trust store establishes a valid trust chain

  • Install an end-entity certificate which has a valid trust path on the service

  • Use TLS pinning (e.g. java-pinning) on the client side

  • Use the TOFU principle to trust the certificate (e.g. Memorizing Trust Manager for Android).

  • Accept all certificates (Don’t do that)

  • Don’t use TLS

Please also read up on TLS and make sure to understand how it works before you try to secure connections via TLS.