powered by Jive Software

Openfire 4.2.3 (SSL error)


#1

Hi. There was an openfire server with version 3.6.4. There was his regular customers, who worked using SSL (old mechanism). It was fine. Put new 4.2.3 and cannot force to work at least 1 client, an error on SSL. Here is the log:
2018.08.14 11:30:36 WARN [socket_c2s_ssl-thread-3]: org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000006: nio socket, server, /192.168.0.84:53274 => /192.168.0.194:10074)
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:487)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:769)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:761)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:703)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:578)
at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:351)
at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:468)
… 9 more
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:759)
at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:544)
… 11 more


#2

That’s the cause of your problem. You need to update your client.


#6
SSL /192.168.0.84:53459 - OPEN - (   20582221)
SSL /192.168.0.84:53459 - SENT - (   20582221): <?xml version='1.0' encoding='UTF-8'?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="telemonitor" id="3ggtjbm5sf" xml:lang="en">
INT /192.168.0.84:????? - RECV - ( 3ggtjbm5sf): <iq type="set" id="t_auth" from="telemonitor/3ggtjbm5sf">
<query xmlns="jabber:iq:auth"><username>000</username><password>000</password><resource>TC</resource></query></iq>
INT /192.168.0.84:????? - SENT - ( 3ggtjbm5sf): <iq type="result" id="t_auth" to="000@telemonitor/TC"/>
SSL /192.168.0.84:53459 - SENT - (   20582221): <iq type="result" id="t_auth" to="000@telemonitor/TC"/>
INT /192.168.0.84:????? - RECV - ( 3ggtjbm5sf): <iq type="get" id="t" from="000@telemonitor/TC"><query xmlns="jabber:iq:time"></query></iq>
INT /192.168.0.84:????? - SENT - ( 3ggtjbm5sf): <iq type="error" id="t" to="000@telemonitor/TC"><query xmlns="jabber:iq:time"></query>
<error code="503" type="cancel"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
SSL /192.168.0.84:53459 - SENT - (   20582221): <iq type="error" id="t" to="000@telemonitor/TC"><query xmlns="jabber:iq:time"></query>
<error code="503" type="cancel"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
INT /192.168.0.84:????? - RECV - ( 3ggtjbm5sf): 
<presence type="unavailable" to="t0101@telemonitor" from="000@telemonitor/TC"><status>04C8;-85;0</status><x xmlns="c:t">A5J6Mv4=</x>
<n xmlns="c:n">250;01;089D;04C8;14</n></presence>
INT                  - RECV - ( 3ggtjbm5sf): 
<presence type="unavailable" to="t0102@telemonitor" from="000@telemonitor/TC"><status>04C8;-85;0</status><x xmlns="c:t">A5J6Mv4=</x>
<n xmlns="c:n">250;01;089D;04C8;14</n></presence>
INT                  - RECV - ( 3ggtjbm5sf): <presence type="unavailable" from="000@telemonitor/TC"/>