powered by Jive Software

SASL error: SASL(-1): generic failure: Server doesn't support "no layer"

Hello,

I have just updated to 4.1.1, so I have started testing after and have tried a few different users, they are all getting the error message "SASL error: SASL(-1): generic failure: Server doesn’t support “no layer” " Any ideas?

I didn’t change any settings, only updated straight to 4.1.1 from 4.0.3.

I am using XMPP format and have checked that all options are they same as they was before, nothing has changed as far as I can see.

Thank you.

I don’t recognize this error, nor the wording. The Openfire code does not include these exact sequence of characters either: “Server doesn’t support” “no layer” Furthermore, I can’t imagine what “no layer” would refer to, in SASL speak.

Where exactly are you finding this error? Is there some kind of data flow between Openfire and client that you can share?

Hello Guus,

We are using pidgin and the error message is on Pidgin. It occurs just as you try to log in, and it stops you logging in. I can take a look but am unsure off any data flow that flows between the two, the logs on open fire have some information but nothing that points towards the problem. I think that returning to 4.0.4 would possibly revert back to when it was working and then wait for the next patch and try again?

Thank you

Cyran

Are you running an older version of Pidgin, perhaps? I did find an odd reference via Google (related to Pidgin and another XMPP project), that suggests that Pidgin uses/used a pretty old TLS/SSL implementation.

In Openfire, you can configure these settings via the admin console, by navigating to: Server > Server Settings > Client Connections > Plain-text (with STARTTLS) connections > Advanced configuration > Encryption Protocols

Try enabling some of the older SSL protocols there, see if that makes a difference for you. If it does, then I suspect that you’re running with old software (as I know of others that use Pidgin successfully, with Openfire 4.1.x), and you might want to update.

Pidgin is up to date as far as I am aware, I have given it a go using the older SSL protocols, no change. I will look into pidgin further and double check that it is up to date.

Do you know off any settings that would automatically change as of 4.1.1?

Thank you

The differences between the 4.0 and 4.1 branch are pretty extensive (many months of work, over 100 changes I believe), so there’s bound to be something different. I can’t be specific though.

Perhaps you should try disabling TLS/SSL for a bit (on the same admin console page) - that will at least give you an indication if we’re looking in the right spot.

Bingo! I have played about with them a little bit and have got it say SSL handshake error now, this is with the most recent TSL enabled and none of the others also with sslv2hellow and sslv3 enabled. At least it has located the problem! Any ideas on the SSL handshake?

Thank you

Not really, to be honest. Is there anything in the Openfire logs perhaps?

Have you tried connecting with a client other than Pidgin?

Also note that the version of Java that you’re using might influence encryption settings - you might want to update that to a recent Java 8 release, if you’re not running that already. That is, however, another stab in the dark.