ServerDialback warning w/ self-signed certificate of remote server

Openfire Openfire Support
1

Hello,

i recently discovered some ServerDialback warnings while connecting to remote servers.

I wonder if this happens because of my OF setting or is this because of the remote xmpp server?

My OF version is 3.7.1

SSL-Seetings:

  • optional: clients my use secure connection

  • optional: s2s connections my be secure

  • Accept self-signed certificates. Server dialback over TLS is now available

I am using a self signed certificate.

2012.03.05 16:34:41 org.jivesoftware.openfire.net.ServerTrustManager - Accepting self-signed certificate of remote server: []                                2012.03.05 16:34:41 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: thesecure.biz id: 1426091580 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="GsiKFJVOYbcPer34j2sRC4+aV9U="/></stream:features>                                2012.03.05 16:35:04 org.jivesoftware.openfire.net.ServerTrustManager - Accepting self-signed certificate of remote server: [xmpp.welfenlab.de]                                2012.03.05 16:35:05 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: xmpp.welfenlab.de id: 2696254148 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/></stream:features>                                2012.03.05 16:35:08 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: xmpp.hs-esslingen.de id: 1142895041 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/></stream:features>                                2012.03.05 16:35:49 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: jabber.hot-chilli.net id: 1154612348 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="ZyBkGBchlsyFBstj0muFrxUfNk0="/></stream:features>                                2012.03.05 16:37:15 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: proxy.eu.jabber.org id: 01164896aa36a74c for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></stream:features>                                2012.03.05 16:37:46 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: qip.ru id: 2813096063 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/></stream:features>                                2012.03.05 16:37:52 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: avalon.hoffentlich.net id: 2026734343 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="HzhW199FSAS7rIkHllLdacqERmE="/></stream:features>                                2012.03.05 16:38:46 org.jivesoftware.openfire.net.ServerTrustManager - Accepting self-signed certificate of remote server: [jabber.berlin.ccc.de]                                2012.03.05 16:38:47 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: jabber.berlin.ccc.de id: 936620950 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="8P/XuMtKq0lNk50DLBC8v+TXoAU="/></stream:features>                                2012.03.05 16:44:28 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: jabber.mafiasi.de id: 1314036079 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="24jxChs7N6vPYK9B00KLGjayTpw="/></stream:features>                                2012.03.05 16:45:04 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: jabber.systemli.org id: 745178586 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="iuv1wp1cS6sjN8DwA1g+KZMr/14="/></stream:features>                                2012.03.05 16:46:44 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: draugr.de id: 2471823305 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="AxFG3uvIZfHAbBjOUb9t3klmoos="/></stream:features>                                2012.03.05 16:47:13 org.jivesoftware.openfire.net.ServerTrustManager - Accepting self-signed certificate of remote server: [ejabberd]                                2012.03.05 16:47:13 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: raymagini.de id: 2980010865 for domain: jabber-server.de answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="TQ2JFyRoSa70h2G1bpgjzuXb2sU="/></stream:features>

I know that there was a dialback problem with OF 3.7.0 but it should be fixed in 3.7.1?

Cheers!

2

Same thing happens to me even when using a third party certificate from Startssl, which can be considered as trustworthy.

Any ideas?

3

I can confirm the same.

Using StartSSL class2 Certificate

Startssl, isn’t trustworthy by default; only after adding the ca/sub-cert to the keystore.