No s2s connection possible

Hi!

I know this is a very common problem, but I searched the board and googled for some solutions but was not very successful.

My server is unable to connect to another server using s2s.

I enabled debug logging and tried to join a chat from jabber.org.

Here is a snippet of the debug output:

2007.07.29 02:57:12 OS - Trying to connect to conference.jabber.org:5269(DNS lookup: conference.jabber.org:5269)

2007.07.29 02:57:12 OS - Plain connection to conference.jabber.org:5269 successful

2007.07.29 02:57:12 OS - Indicating we want TLS to conference.jabber.org

2007.07.29 02:57:12 OS - Negotiating TLS with conference.jabber.org

2007.07.29 02:57:12 SubjectAltName of invalid type found: [

… here comes some certification stuff from jabber.org

… Openfire repeats this procedure another time with the same error …

2007.07.29 02:57:12 Handshake error while creating secured outgoing session to remote server: conference.jabber.org(DNS lookup: conference.jabber.org:5269)

… here comes the Java stack trace …

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

… soaks down very deep …

2007.07.29 02:57:12 OS - Going to try connecting using server dialback with: conference.jabber.org

2007.07.29 02:57:12 OS - Trying to connect to conference.jabber.org:5269(DNS lookup: conference.jabber.org:5269)

2007.07.29 02:57:12 OS - Connection to conference.jabber.org:5269 successful

2007.07.29 02:57:13 OS - Sent dialback key to host: conference.jabber.org id: 1066818785 from domain: highcard.at

2007.07.29 02:57:13 EOF

2007.07.29 02:57:33 OS - Time out waiting for answer in validation from: conference.jabber.org id: 1066818785 for domain: highcard.at

2007.07.29 02:57:33 Finishing Outgoing Server Reader. No session to close.

… here comes another Java exception …

java.net.SocketException: Socket closed

… soaks down a bit …

2007.07.29 02:57:33 OS - Trying to connect to jabber.org:5269(DNS lookup: jabber.org:5269)

2007.07.29 02:57:33 OS - Plain connection to jabber.org:5269 successful

2007.07.29 02:57:33 OS - Indicating we want TLS to jabber.org

… this goes on very long …

Here is the whole logfile: www.highcard.at/openfire_debug.log

I have set xmpp.server.certificate.verify to false and signed both certificates. My server uses Java 1.5.0 Update 10 and runs Openfire 3.3.2. I configured iptables to accept incoming and outgoing data from TCP 5269.

What is the problem? I have no idea.

Regards,

Faux

I have set xmpp.server.certificate.verify to false and signed both certificates.

I'm not sure, but my theory is that if the other server requires verification and you can't verify it, because it is a self-signed or not top-level signed certificate, you will not be able to establish an encrypted connection.

Coolcat
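
For triaging a debug log like the one in the first post, here is an added example (not part of either post and not Openfire code) that groups the outgoing s2s messages by remote host and reports where each attempt stopped. The patterns are taken from the log lines quoted above; the names `summarize` and `verdict` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the snippet in the first post.
SAMPLE_LOG = """\
2007.07.29 02:57:12 OS - Plain connection to conference.jabber.org:5269 successful
2007.07.29 02:57:12 OS - Indicating we want TLS to conference.jabber.org
2007.07.29 02:57:12 OS - Negotiating TLS with conference.jabber.org
2007.07.29 02:57:12 Handshake error while creating secured outgoing session to remote server: conference.jabber.org(DNS lookup: conference.jabber.org:5269)
2007.07.29 02:57:12 OS - Going to try connecting using server dialback with: conference.jabber.org
2007.07.29 02:57:13 OS - Sent dialback key to host: conference.jabber.org id: 1066818785 from domain: highcard.at
2007.07.29 02:57:33 OS - Time out waiting for answer in validation from: conference.jabber.org id: 1066818785 for domain: highcard.at
2007.07.29 02:57:33 OS - Indicating we want TLS to jabber.org
"""

# Message patterns from the lines above; each one captures the remote host.
EVENTS = [
    ("tls_requested", re.compile(r"Indicating we want TLS to (\S+)")),
    ("tls_failed", re.compile(r"Handshake error while creating secured outgoing session to remote server: ([^\s(]+)")),
    ("dialback_fallback", re.compile(r"Going to try connecting using server dialback with: (\S+)")),
    ("dialback_timeout", re.compile(r"Time out waiting for answer in validation from: (\S+)")),
]

def summarize(log_text):
    """Return {remote_host: [event, ...]} in the order events were logged."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        for name, pattern in EVENTS:
            m = pattern.search(line)
            if m:
                seen[m.group(1)].append(name)
                break
    return dict(seen)

def verdict(events):
    """Classify one host's outgoing s2s attempt from its event list."""
    if "tls_failed" in events and "dialback_timeout" in events:
        return "TLS handshake failed, dialback fallback timed out"
    if "tls_failed" in events and "dialback_fallback" in events:
        return "TLS handshake failed, fell back to server dialback"
    if "tls_failed" in events:
        return "TLS handshake failed"
    if "dialback_timeout" in events:
        return "dialback timed out"
    return "no failure logged"

if __name__ == "__main__":
    for host, events in summarize(SAMPLE_LOG).items():
        print(f"{host}: {verdict(events)}")
```

Running it over the full log file separates hosts where only the TLS step fails from hosts where the dialback fallback also gets no answer, which are two different problems to chase.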