SSL server port not starting

Hi,

I recently installed Jive 2.3.0 on a Fedora Core 4 system. Used to have 2.2.1 running on Fedora Core 3. I had set up the system to have the SSL server run on port 797 for our VPN users.

Here is the Server Settings from the 2.2.1 install:

Server Ports

1: IP:Port, Security: 127.0.0.1:5222, NORMAL

Domain Name(s): hostname

2: IP:Port, Security: 127.0.0.1:797, TLS (SSL)

Domain Name(s): hostname

And here is the Server Settings from the 2.3.0 install:

Server Ports

1: IP:Port, Security: 127.0.0.1:5222, NORMAL

Domain Name(s): hostname

I have enabled the SSL option, but it never gets listed under server ports.

I have confirmed the following 3 options match in Server Properties:

xmpp.socket.plain.port 5222

xmpp.socket.ssl.active true

xmpp.socket.ssl.port 797

I have also noticed that all the clients that connect to the 2.3.0 install are using SSL, but they are all connected on port 5222, as I have confirmed with netstat. The only way I was able to prevent this was to disable TLS Method under Security Settings -> Custom.

Any input would be great.

Thanks in advance,

Leigh C

Hey Leigh,

Could you check if there are some errors in the error log file?

Thanks,

– Gato

Gato,

I just reinstalled, and SSL worked fine on its default port.

But, when I change it to use port 797, it says it is enabled, but does not show up as active.

I have tried other port numbers, and this only happens on ports under 1000.

We have been using port 797 as it was opened on the work firewall just for people who are out of office.

You guys may want to test this yourselves.

Thanks

Gato,

I checked the stderror.log file, and the top shows this:

Error starting SSL XMPP listener on port 797: Permission denied

Error starting SSL XMPP listener on port 999: Permission denied

Error starting SSL XMPP listener on port 80: Permission denied

I haven’t noticed Red Hat blocking any ports in Fedora Core 4. I never installed any firewalls and disabled SELinux. I have confirmed that iptables is blank.

Did you guys disable ports below 1000?

Thanks

I’m guessing you’re not running JM as root (which is good). Normally, programs run without root privileges cannot listen on any ports under 1024 for security reasons. So, if you really want to use a “privileged port” (Google that phrase), I’d suggest you look into having xinetd handle the connection for you, then have it forward the connection to JM running on an unprivileged port.
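An added example, not part of the original thread: it applies the privileged-port rule from the reply above to the listener errors quoted from stderror.log, and retries each bind to name the errno the kernel returns. The function names, the constructed port 5223 line and the use of the Linux `ip_unprivileged_port_start` sysctl (with 1024 as the fallback) are assumptions of this example.

```python
import errno
import re
import socket

# The three listener errors quoted from stderror.log in the thread, plus one
# constructed line (port 5223) for contrast.
LOG_LINES = [
    "Error starting SSL XMPP listener on port 797: Permission denied",
    "Error starting SSL XMPP listener on port 999: Permission denied",
    "Error starting SSL XMPP listener on port 80: Permission denied",
    "Error starting SSL XMPP listener on port 5223: Permission denied",  # constructed
]
LISTENER_ERROR = re.compile(r"Error starting SSL XMPP listener on port (\d+): (.+)")
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # present on Linux 4.11+


def unprivileged_port_start(path=SYSCTL):
    """Lowest port a non-root process may bind; 1024 when the sysctl is absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024


def explain(line, euid, floor=1024):
    """Return (port, verdict) for a listener error line, or None if it is not one."""
    m = LISTENER_ERROR.match(line)
    if m is None:
        return None
    port, reason = int(m.group(1)), m.group(2).strip()
    if reason == "Permission denied" and euid != 0 and port < floor:
        return port, "privileged port"
    return port, "other cause"


def try_bind(port, host="127.0.0.1"):
    """Attempt the bind a listener would make; return 'OK' or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    return "OK"


if __name__ == "__main__":
    import os
    floor = unprivileged_port_start()
    for entry in LOG_LINES:
        port, verdict = explain(entry, os.geteuid(), floor)
        print(port, verdict, try_bind(port))
```

Run as the same unprivileged account that runs the server: ports 797, 999 and 80 report `EACCES`, while a "Permission denied" on a port at or above the floor points to a different cause.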

Thanks Cliff,

We figured that out this morning… and I feel kinda dumb for not clicking into that…

So we decided to piggy back on another port.

Thanks