Secure Server to Server failing

With the update from 3.5.2 to 3.6.0a I am now having trouble with Openfire servers connecting securely.

When security settings are changed from required to optional the servers will connect. Selecting “Accept self-signed certificates. Server dialback over TLS is now available” makes no difference.

Both servers trust the Certificate Authority that issued their certificates.

Before the update both connected fine.

Debug msgs:

2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Trying to connect to server1.mydomain.com:5269(DNS lookup: server1.mydomain.com:5269)
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Plain connection to server1.mydomain.com:5269 successful
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Indicating we want TLS to server1.mydomain.com
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Negotiating TLS with server1.mydomain.com
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - TLS negotiation with server1.mydomain.com was successful
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Error, EXTERNAL SASL and SERVER DIALBACK were not offered by server1.mydomain.com

Error msgs:

2008.09.04 17:13:35 [org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:258)] Error trying to connect to remote server: mydomain.com(DNS lookup: mydomain.com:5269)
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:253)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:185)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:239)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:216)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

I read the changelog http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html and the notes on trusting self-signed certs http://www.igniterealtime.org/community/docs/DOC-1552 but cannot see what changed so that I now get this error.

Thanks in advance for the help.

Hi,

I am hitting this as well tonight. Are both servers running 3.6.0?

daryl

Hey Trevor,

From the debug log I see that TLS was successfully negotiated. That means that certificates are fine. The problem is that your server was waiting for the remote server to offer the option to use SASL EXTERNAL or to use server dialback, and none of those things were received. Having said that, do you know which software is running the other server? Is it Openfire? Which version of Openfire?

Regards,

– Gato
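
The check described in the reply above, as an added example that is not part of the original thread and is not Openfire's code: it classifies the stream features a remote server sends after TLS on a server-to-server connection. The function names and the sample stanzas are constructed for illustration, and it assumes the features element has been captured with the `stream` prefix declared inline.

```python
# Added example (not Openfire code): inspect the <stream:features/> that a
# remote XMPP server sends after TLS on an s2s connection and report which
# authentication methods it offers.
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_DIALBACK = "urn:xmpp:features:dialback"  # XEP-0220 stream feature

def s2s_auth_options(features_xml):
    """Return the set of s2s authentication methods offered in the stanza."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    offered = set()
    mechs = root.find(f"{{{NS_SASL}}}mechanisms")
    if mechs is not None:
        names = {(m.text or "").strip()
                 for m in mechs.findall(f"{{{NS_SASL}}}mechanism")}
        if "EXTERNAL" in names:
            offered.add("sasl-external")
    if root.find(f"{{{NS_DIALBACK}}}dialback") is not None:
        offered.add("dialback")
    return offered

def diagnose(features_xml):
    """One-line verdict matching the failure in the debug log above."""
    offered = s2s_auth_options(features_xml)
    if not offered:
        return "FAIL: neither SASL EXTERNAL nor server dialback offered"
    return "OK: " + ", ".join(sorted(offered))

# Constructed samples. SAMPLE_NONE offers SASL but not EXTERNAL, so an
# initiating server that needs EXTERNAL or dialback has nothing to use.
SAMPLE_NONE = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>")
SAMPLE_BOTH = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>EXTERNAL</mechanism></mechanisms>"
    "<dialback xmlns='urn:xmpp:features:dialback'/></stream:features>")

if __name__ == "__main__":
    for name, xml in (("none", SAMPLE_NONE), ("both", SAMPLE_BOTH)):
        print(name, "->", diagnose(xml))
```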

Both servers are running 3.6.0a.

They were upgraded from 3.5.2 which was working with secure connections.

Thanks,

Trevor