GAIM 1.4.0 and Jive 2.2.0

I have searched and read all the old posts. All I can tell you is that this config does not work. Yes, I put the port to 5223. I tried it with “use old style SSL” checked and unchecked. When checked, I get “SSL handshake failed”. That is all I see on the client. On the server, I see this which is suspect:

javax.net.ssl.SSLHandshakeException: no cipher suites in common

Now, on TLS, I get “XML parse error”. On the server, I get:

2005.08.09 16:44:49 SSL Connect f429d7[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.1.6.4,port=48970,localport=5223]]
2005.08.09 16:44:49 Error creating session
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)
    at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)
    at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)
    at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
    at org.jivesoftware.messenger.net.SocketReader.createSession(SocketReader.java:397)
    at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:102)
    at java.lang.Thread.run(Unknown Source)

I found a thread way back in February that mentioned a new XMPP TLS method that Jive did not support. Is that still the case here with GAIM?

Hey Brian,

Can you check if your keystore includes an RSA certificate? You can execute keytool -list -keystore keystore from your command line to get the list of certificates you have in your keystore. Remember to run the keytool command from the resources/security folder. The first column in each certificate shows the type of algorithm used for the certificate. It can be DSA or RSA.

Regards,

– Gato

"Yes, my question has been answered." - sort of.

I take it this answer means “You need an RSA key with GAIM”. So, we installed one and it works using old style SSL. I guess you did not want to be rude. I appreciate that.

I would still like to know the root of the TLS problem if someone has a clue.

Brian,

Yep, you're right – GAIM requires an RSA key for some reason. We now ship the default keystore with both DSA and RSA keys.

Regards,

Matt

By any chance was your server upgraded to 2.2.0 or was it a fresh install?

It was a fresh install.

Brian - Out of the box (fresh install) I had Ver. 2.2.0 working just fine with Gaim 1.4.0 using SSL.

I know that statement does not help you - but a couple of things come to mind - are you on a Linux machine? Is your server name in DNS? Do non SSL connections work?

This thread is helpful for creating an RSA key for your server - I have used it to add an alias to my server.

http://www.jivesoftware.org/forums/thread.jspa?messageID=98910&#98910

Yeah, we created an RSA key and have it working now.

My remaining question is about TLS. I am hoping for a dev to answer that question.

My remaining question is about TLS. I am hoping for a dev to answer that question.

Sorry about that – missed your earlier question about TLS. The XMPP spec does define a new TLS protocol (that supersedes the dedicated SSL port approach). We're in the process of implementing it so it should be available soon.

Regards,

Matt
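
The "Unrecognized SSL message, plaintext connection?" error from this thread, as an added example that is not part of the original posts or of the Jive code: a small diagnostic that classifies the first bytes a listener receives and reports a mode mismatch. It assumes the client's TLS option follows the XMPP spec's in-band upgrade, which opens with a plaintext stream header; the function names, mode labels and sample bytes are all constructed for illustration.

```python
# Added example: first-byte triage for an XMPP listener (hypothetical helper names).
XML_PREFIXES = (b"<?xml", b"<stream:stream")

def classify_first_bytes(data: bytes) -> str:
    """Return 'xmpp-plaintext', 'tls', 'sslv2', 'incomplete' or 'unknown'."""
    if data.lstrip(b" \t\r\n").startswith(XML_PREFIXES):
        return "xmpp-plaintext"
    if len(data) < 3:
        return "incomplete"
    # SSLv3/TLS record header: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # SSLv2-compatible ClientHello: high bit set in length, message type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2"
    return "unknown"

def diagnose(port_mode: str, data: bytes) -> str:
    """port_mode is 'direct-ssl' (dedicated SSL port) or 'starttls' (plain port)."""
    kind = classify_first_bytes(data)
    encrypted = kind in ("tls", "sslv2")
    if port_mode == "direct-ssl":
        if encrypted:
            return "ok: handshake can start immediately"
        if kind == "xmpp-plaintext":
            return "mismatch: plaintext stream header sent to an SSL-only port"
    elif port_mode == "starttls":
        if kind == "xmpp-plaintext":
            return "ok: stream opens in the clear, TLS is negotiated in-band"
        if encrypted:
            return "mismatch: TLS handshake sent to a port expecting a stream header"
    return "undetermined: " + kind

# Constructed sample inputs (not captured from the thread's traffic).
STREAM_HEADER = (b"<?xml version='1.0'?><stream:stream to='example.org' "
                 b"xmlns='jabber:client' version='1.0'>")
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])
SSLV2_CLIENT_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x01])

if __name__ == "__main__":
    for mode, sample in (("direct-ssl", STREAM_HEADER),
                         ("direct-ssl", TLS_CLIENT_HELLO),
                         ("starttls", SSLV2_CLIENT_HELLO)):
        print(mode, "->", diagnose(mode, sample))
```

A plaintext stream header arriving on the dedicated SSL port is the first case printed, which matches the server-side exception in the original post.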