powered by Jive Software

Openfire doesn't like legacy SSL

I’m working on setting up an Openfire as an intranet jabber server, and whenever I try to enable old port (legacy, port 5223) SSL through the admin it says “Settings updated successfully”… and reverts the option back to “Not enabled”. I can do whatever with TLS, but it just will not allow old port SSL to be enabled. Nothing is being logged and I’ve nmapped the host to confirm that 5223 is closed. Is there a known cause for this issue, or does Openfire hate me with unequaled passion?

Strange. It works for me. Check http://server:9090/ssl-settings.jsp Do you have old SSL enabled here? (Custom)

The problem is that every time I click the option to enable it and tell Openfire to save the changes, when it reloads the page it’s set to disabled again. I traced through the JSP source into the openfire libraries and edited the configuration settings that are modified when you enable it via the web interface and put the values in both XML and SQL but it still registers it as disabled and won’t listen on the port.

I found the solution - what was happening was that there was no self-signed certificate in Openfire’s keystore, but for some reason Openfire will not even register as being set up to accept legacy SSL when there is not a certificate (I believe a self signed cert is created when Openfire goes through setup, however, I had just unpacked Openfire and imported my configuration.

I found this error when attempting to use TLS (which *did *register as enabled) - after I was unable to connect, error.log recorded the problems.

While I am not sure of the root cause of Openfire being unwilling to say that legacy SSL was enabled when it was willing to say TLS was, I suggest that the admin console’s security setting page check for certificates and if none are found, inform the user of that and of how SSL and TLS require one.

solipsism wrote:

I believe a self signed cert is created when Openfire goes through setup

No, certificates are not generated in the setup process.

according to http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guid e.html

Once the setup process is completed Openfire will create self-signed certificates
for the assigned Openfire’s domain.
I’m starting from an openfire.xml with true stored.

You were right. They are generated in the setup process. I havent done fresh setup for a long time, so i thought they arent generated by itself.