[solved] Problem with s2s connection to ejabberd 2.1.5-2

Hello,

we are having trouble with s2s connection between OpenFire 3.6.4 and ejabberd. The problem itself was spotted when OpenFire users were unable to successfully add ejabberd users to roster (no auth request).

Here’s output from debug log:
http://pastebin.com/B9xCLdc0 (should be permanent pastebin, I can re-paste it here if necessary).
Please note that domains, users and IPs in the log have been replaced with <> tokens (, and so on).

My environment:
Gentoo x86
OpenFire 3.6.4 (installed using emerge from Gentoo repositories)

Remote environment:
Debian Lenny stable
ejabberd 2.1.5-2~bpo50+1 (from backports)

Here’s link to ejabberd bug:
https://support.process-one.net/browse/EJAB-1355

Any help would be appreciated, thanks.

When I tried to add a user from , the logs showed the following.

Error log:

2010.11.25 18:14:31 [org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:360)] Error creating secured outgoing session to remote server: (DNS lookup: :5269)
javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

Debug log:

http://pastebin.com/a8bdEjhk

::EDIT::

Turning off the TLS support for s2s connections on my side did help (the remote server has kind of large userbase, so it can’t be restarted easily), we’re exploring this matter further. There seems to be a problem with remote server’s SSL certificate.

Hello,

we’ve further analyzed the problem and found out that there was a problem with the remote server using ejabberd. The admin created an SSL certificate with some extensions which were not compliant with version 1 - the version should have actually been 3.

Regenerating those certificates solved the issue.

See more details in the original bug report for ejabberd at https://support.process-one.net/browse/EJAB-1355