Secure Server to Server failing

With the update from 3.5.2 to 3.6.0a I am now having trouble with openfire servers connecting securely.

When security settings are changed from required to optional the servers will connect. Selecting “Accept self-signed certificates. Server dialback over TLS is now available” makes no difference.

Both servers trust the Certificate Authority that issued their certificates.

Before the update both connected fine.

Debug msgs:

2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Trying to connect to lookup:
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Plain connection to successful
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Indicating we want TLS to
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Negotiating TLS with
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - TLS negotiation with was successful
2008.09.04 18:06:04 LocalOutgoingServerSession: OS - Error, EXTERNAL SASL and SERVER DIALBACK were not offered by

Error msgs:

2008.09.04 17:13:35 [org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSes sion(] Error trying to connect to remote server: lookup: Connection refused
at Method)
at Source)
at Source)
at Source)
at Source)
at Source)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSess ion(
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain (
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPa cket(
at org.jivesoftware.openfire.server.OutgoingSessionPromise$
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$ Source)
at Source)

I read the changelog and the notes on trusting self signed certs can not see what changed that now I get this error.

Thanks in advanced for the help.


I am hitting this as well tonight Are both servers running 3.6.0 ?


Hey Trevor,

From the debug log I see that TLS was successfully negotiated. That means that certificates are fine. The problem is that your server was waiting from the remote server the option to use SASL EXTERNAL or to user server dialback and none of those things were received. Having said that, do you know which software is running the other server? Is it Openfire? Which version of Openfire?


– Gato

Both servers are running 3.6.0a.

They were upgraded from 3.5.2 which was working with secure connections.