SSL/TLS required by client but not supported by server

Amruta · March 4, 2016, 8:27am

I am trying to establish secure connection between Openfire and smack client and get the error org.jivesoftware.smack.SmackException$SecurityRequiredByClientException: SSL/TLS required by client but not supported by server

I am using Openfire 4.0.1 and have enabled 5223. Using smack on client side and connection configuration is as follows:

configBuilder.setSecurityMode(ConnectionConfiguration.SecurityMode.required);

configBuilder.setServiceName(service_name);

configBuilder.setHost(server);

configBuilder.setPort(5223);

setHttpsClient(); // Sets a SSL context

configBuilder.setCustomSSLContext(mSSLContext);

configBuilder.setSocketFactory(mSSLContext.getSocketFactory());

connection = new XMPPTCPConnection( configBuilder.build( ) );

connection.connect();

After initial exchange server sends stream:featuresPLAINANONYMOUSSCRAM-SHA-1CRAM-MD5</mec hanism>DIGEST-MD5zlib</stream:features>

which does not contain ‘starttls’.

wroot · March 4, 2016, 9:30pm

I’m not a developer and can’t comment on the code. Also don’t really know what this error means. But i think you don’t have to use 5223. It is a legacy obsolete port and shouldn’t be used. TLS should work on 5222 just fine.

Amruta · March 7, 2016, 12:08pm

When I connect to 5222, i get following error

Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x9c865200: Failure in SSL library, usually a protocol error

SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:790 0xaeef5245:0x00000000)

at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.ja va:320)

Amruta · March 10, 2016, 12:44pm

I was trying to connect to 5222 but was getting above error immediately, but while connecting to 5223 there was some initial handshake and then an error was thrown. So I kept exploring the connection issue related to 5223. After a lot of research I found that smack needs TLS and that is supported only on 5222. In my code above i had to just remove the line

configBuilder.setSocketFactory(mSSLContext.getSocketFactory());

and set port to 5222 and it worked like charm!!