S2S connection fails with other openfire

Hi,
I have 3 Openfire servers and I am trying to make them connect using server-to-server connections.
While each server can connect to other XMPP servers (e.g. conversations.im), as soon as I try to connect to my other Openfires it fails.

Sending server to server ping request to XXXXXXXX.XXX
Sending server to server ping request to XXXXXXXX.XXX
Start domain authentication ...
Start domain authentication ...
Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
There are no pre-existing session to other domains hosted on the remote domain.
There are no pre-existing session to other domains hosted on the remote domain.
Unable to re-use an existing session. Creating a new session ...
Unable to re-use an existing session. Creating a new session ...
Creating new session...
Creating new session...
Creating plain socket connection to a host that belongs to the remote XMPP domain.
Creating plain socket connection to a host that belongs to the remote XMPP domain.
Creating a socket connection to XMPP domain 'XXXXXXXX.XXX' ...
Creating a socket connection to XMPP domain 'XXXXXXXX.XXX' ...
Use DNS to resolve remote hosts for the provided XMPP domain 'XXXXXXXX.XXX' (default port: 5269) ...
Use DNS to resolve remote hosts for the provided XMPP domain 'XXXXXXXX.XXX' (default port: 5269) ...
Found 2 host(s) for XMPP domain 'XXXXXXXX.XXX'.
Found 2 host(s) for XMPP domain 'XXXXXXXX.XXX'.
Trying to create socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269 (blocks up to 120000 ms) ...
Trying to create socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269 (blocks up to 120000 ms) ...
Successfully created socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269!
Successfully created socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269!
Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: false
Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: false
Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
An exception occurred while creating an encrypted session. Closing connection.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156) ~[?:1.8.0_222]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:857) ~[?:1.8.0_222]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[?:1.8.0_222]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_222]
	at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:244) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:181) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:189) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:265) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:211) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.4.1.jar:4.4.1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_222]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_222]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]
An exception occurred while creating an encrypted session. Closing connection.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156) ~[?:1.8.0_222]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:857) ~[?:1.8.0_222]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[?:1.8.0_222]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_222]
	at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:244) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:181) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:189) ~[xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:265) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:211) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.4.1.jar:4.4.1]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.4.1.jar:4.4.1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_222]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_222]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]
Unable to create a new session. Going to try connecting using server dialback as a fallback.
Unable to create a new session. Going to try connecting using server dialback as a fallback.
Creating new outgoing session...
Creating new outgoing session...
Creating a socket connection to XMPP domain 'XXXXXXXX.XXX' ...
Creating a socket connection to XMPP domain 'XXXXXXXX.XXX' ...
Use DNS to resolve remote hosts for the provided XMPP domain 'XXXXXXXX.XXX' (default port: 5269) ...
Use DNS to resolve remote hosts for the provided XMPP domain 'XXXXXXXX.XXX' (default port: 5269) ...
Found 2 host(s) for XMPP domain 'XXXXXXXX.XXX'.
Found 2 host(s) for XMPP domain 'XXXXXXXX.XXX'.
Trying to create socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269 (blocks up to 120000 ms) ...
Trying to create socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269 (blocks up to 120000 ms) ...
Successfully created socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269!
Successfully created socket connection to XMPP domain 'XXXXXXXX.XXX' using remote host: XXXXXXXX.XXX:5269!
Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: false
Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: false
Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
Failed to establish server to server session.
Failed to establish server to server session.

I’m really blocked with this one. So far everything I tried failed.

Alexis and I have investigated this issue offline. The core issue here was a misconfiguration of DNS SRV records for XMPP over TLS (as described in XEP-0368). By accident, the domain that Alexis was using had that pointed to the same port as where ‘normal’ (StartTLS) traffic was expected.

Fixing the DNS SRV records appears to have resolved the issue. Going one step further, we’ve been working on improving Openfire to more gracefully handle misconfigurations like this. This effort is tracked in OF-1849.
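A small checker for the misconfiguration described above, added here as an illustration (it is not Openfire code and not part of the thread): it parses dig-style SRV lines for the RFC 6120 StartTLS service and the XEP-0368 direct-TLS service and flags any host:port advertised for both, which is exactly the case where a direct-TLS client meets a plaintext stream opener. The zone data and hostnames are constructed; `parse_srv_line`, `find_port_collisions` and `check` are names chosen for this example.

```python
"""Flag XEP-0368 direct-TLS SRV records that collide with StartTLS SRV records.

Added example, not Openfire's code. A host answering the StartTLS service
expects a plaintext <stream:stream> opener; an _xmpps-server._tcp record
pointing at that same host:port makes a direct-TLS client fail with
"Unrecognized SSL message, plaintext connection?".
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

STARTTLS = "_xmpp-server._tcp"    # RFC 6120: plaintext start, TLS negotiated in-band
DIRECT_TLS = "_xmpps-server._tcp"  # XEP-0368: TLS from the first byte


@dataclass(frozen=True)
class SrvRecord:
    service: str   # e.g. "_xmpps-server._tcp"
    priority: int
    weight: int
    port: int
    target: str    # hostname the record points at, lower-cased, no trailing dot


def parse_srv_line(line: str) -> SrvRecord:
    """Parse one dig-style line: owner TTL class SRV priority weight port target."""
    owner, _ttl, _cls, rtype, prio, weight, port, target = line.split()
    if rtype != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    parts = owner.split(".", 2)  # "_xmpps-server._tcp.example.org." -> svc, proto, rest
    return SrvRecord(service=f"{parts[0]}.{parts[1]}", priority=int(prio),
                     weight=int(weight), port=int(port),
                     target=target.lower().rstrip("."))


def find_port_collisions(records: List[SrvRecord]) -> List[Tuple[str, int]]:
    """Return (target, port) pairs advertised for BOTH StartTLS and direct TLS."""
    by_service: Dict[str, Set[Tuple[str, int]]] = {STARTTLS: set(), DIRECT_TLS: set()}
    for r in records:
        if r.service in by_service:
            by_service[r.service].add((r.target, r.port))
    return sorted(by_service[STARTTLS] & by_service[DIRECT_TLS])


def check(lines: List[str]) -> List[Tuple[str, int]]:
    """Parse zone lines and report colliding host:port pairs (empty list = fine)."""
    return find_port_collisions([parse_srv_line(line) for line in lines])


# Constructed sample zone data (example.org is a placeholder, not a real deployment).
# SAMPLE_BAD reproduces the misconfiguration; SAMPLE_GOOD moves direct TLS to 5270.
SAMPLE_BAD = [
    "_xmpp-server._tcp.example.org.  3600 IN SRV 5 0 5269 xmpp.example.org.",
    "_xmpps-server._tcp.example.org. 3600 IN SRV 5 0 5269 xmpp.example.org.",
]
SAMPLE_GOOD = [
    "_xmpp-server._tcp.example.org.  3600 IN SRV 5 0 5269 xmpp.example.org.",
    "_xmpps-server._tcp.example.org. 3600 IN SRV 5 0 5270 xmpp.example.org.",
]

if __name__ == "__main__":
    print("bad zone collisions :", check(SAMPLE_BAD))   # [('xmpp.example.org', 5269)]
    print("good zone collisions:", check(SAMPLE_GOOD))  # []
```

To run it against a live domain, feed it the answer section of `dig SRV _xmpp-server._tcp.<domain>` and `dig SRV _xmpps-server._tcp.<domain>`; a non-empty result means a direct-TLS client will be handed a plaintext stream on that port.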
