Problem with server to server connection

Hello, I am new to setting up XMPP servers and clients, and am running into an issue trying to have two clients talk to each other that are registered with separate servers. First, I am using Wildfire 3.2.3 for the servers and Spark for the clients. The servers are set up on different IPs/hosts, with one running on Linux and one on Windows. I started having this problem after I went through the SSL Guide to set up SSL connections. Before this I was able to have clients talking. I also have some errors in my error logs, which are listed below. I was just wondering if this has been experienced before, or if there is something that I may have missed in setting up the SSL connections? If more information is needed, please ask.

Error while negotiating TLS: org.jivesoftware.wildfire.net.SocketConnection@130b5e2 socket: Socket[addr=/192.168.5.105,port=33134,localport=5269] session: org.jivesoftware.wildfire.session.IncomingServerSession@bd5df status: 1 address: nathanvm/2882df3f id: 2882df3f

javax.net.ssl.SSLException: Unsupported record version Unknown-47.115

at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)

at javax.net.ssl.SSLEngine.unwrap(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:211)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:164)

at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:72)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:126)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:120)

at java.lang.Thread.run(Unknown Source)

and

Error while negotiating TLS: org.jivesoftware.wildfire.net.SocketConnection@10a519 socket: Socket[addr=/192.168.5.105,port=33133,localport=5269] session: org.jivesoftware.wildfire.session.IncomingServerSession@7857a5 status: 1 address: nathanvm/8602a934 id: 8602a934

javax.net.ssl.SSLException: Unsupported record version Unknown-47.115

at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)

at javax.net.ssl.SSLEngine.unwrap(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:211)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:164)

at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:72)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:126)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:120)

at java.lang.Thread.run(Unknown Source)

Thanks in advance,

Nate
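Added example (not part of the original post and not Wildfire code): a log triage helper that decodes the two version bytes JSSE reports in "Unsupported record version Unknown-47.115". In a TLS record header those bytes follow the content-type byte, and 47 and 115 are the ASCII codes for `/` and `s`, which is consistent with plaintext (for instance the start of `</stream:stream>`) arriving where a TLS record was expected. The function names and the second and third sample log lines are assumptions constructed for illustration.

```python
import re

# JSSE prints the record header's version bytes as "Unknown-<major>.<minor>".
# TLS record header layout: content type (1 byte), major (1), minor (1), length (2).
_VERSION_RE = re.compile(r"Unsupported record version Unknown-(\d+)\.(\d+)")


def classify_record_version(message):
    """Return (major, minor, verdict) for a matching log line, else None."""
    m = _VERSION_RE.search(message)
    if m is None:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if major > 255 or minor > 255:
        return None  # not byte values, so not a record header dump
    if major == 3:
        # All SSL 3.0 / TLS 1.x records carry major version 3.
        verdict = "TLS-family version this JVM does not support"
    elif all(0x20 <= b < 0x7F for b in (major, minor)):
        text = bytes((major, minor)).decode("ascii")
        verdict = "printable ASCII %r: peer likely sent plaintext, not TLS" % text
    else:
        verdict = "neither TLS nor ASCII: corrupted or other binary data"
    return major, minor, verdict


def triage(log_lines):
    """Return (line_number, major, minor, verdict) for every matching line."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        result = classify_record_version(line)
        if result is not None:
            findings.append((number,) + result)
    return findings


# First line is the message quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115",
    "javax.net.ssl.SSLException: Unsupported record version Unknown-3.9",
    "INFO: server dialback completed (constructed line, no TLS error)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("line %d: version bytes %d.%d -> %s" % finding)
```

A "printable ASCII" verdict points at a sequencing problem (one side still speaking plaintext XMPP after STARTTLS was expected) rather than at a certificate problem, so a packet capture of port 5269 is the next thing to check.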

Hi,

If I am not mistaken, these errors are a result of s2s trying to validate the self-signed SSL certs. You need to go into the system properties and set

xmpp.server.certificate.verify false

HTH,

daryl

Hello,

I have set the property xmpp.server.certificate.verify=false for both servers, but still get those errors.

– Nate

Hey,

my s2s isn't encrypted too.

I installed two certificates signed by cacert.org in openfire and only one server connection is encrypted - and ONLY when he connects to me …

so a friend told me that he has an encrypted connection to many servers, but he is using ejabberd.

so, why are my connections not encrypted? :smiley:

on the titlesite, a lock is shown by the s2s-port and in the security-settings “optional” is selected.

i also have set the validate = false option in my configuration …

can someone help me?

Cu

BigDaddy