I've just updated my debbian to version 10 and along with it also updated prosody to latest version.
Now my clients (using Miranda) can't connect and the log states "Client disconnected: ssl handshake error: unsupported protocol"
I've imported the SSL certificates using let's encrypt import command in the documentation.
It isn't clear if I should have the SSL cert also in the config like I had in previous version, but I tried with and without it and still same error.
Isaac
on
I've managed to do something, I changed the SSL protocol to TLSV1 and now it seems to do allow connections (All other options didn't work) , but all the users appear to be offline, to some I can send a message and to some I can't , and in the log I have many "Client disconnected: connection closed"
Zash
on
Hi, thanks for the report.
This isn't a Prosody issue.
Debian 10 increased the minimum security level as described in the release notes:
https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#openssl-defaults
This includes disabling TLS 1.0 and TLS 1.1, which aren't considered as secure anymore. This has already been rolled out by all browsers and many security related libraries and tools.
Forcing the version to TLS 1.0 as you describe will break connectivity with everything modern, including many servers that are running on Debian. The recommended solution is to upgrade the client. A workaround is described in the Debian release notes linked above.
Changes
tags Status-Invalid
Isaac
on
Thank you for your answer, I understand now it's not supported, but since I have 30 computers with Miranda IM v0.10.32.0 installed I really prefer if I could still use it for now, it's not really high priority for me for the security to be 1.2.
I will try changing debian settings and see if it fixed the connectivity issues, if I do decide to replace all the clients, do you know if https://www.miranda-ng.org/en/ supports the new security?
Zash
on
This is not a support forum for Miranda, sorry. Check their docs.
Also, TLS 1.2 was published the same month as the very first commit of Prosody, in 2008.
Isaac
on
I've changed the openssl settings to None, Default and I still get the strange behavior of being able to connect but only 1-2 users out of 30 are shows as online, although I can send them messages and they see as if they are online on the miranda client.
And the log has bunch of "Client disconnected: connection closed"
I've just updated my debbian to version 10 and along with it also updated prosody to latest version. Now my clients (using Miranda) can't connect and the log states "Client disconnected: ssl handshake error: unsupported protocol" I've imported the SSL certificates using let's encrypt import command in the documentation. It isn't clear if I should have the SSL cert also in the config like I had in previous version, but I tried with and without it and still same error.
I've managed to do something, I changed the SSL protocol to TLSV1 and now it seems to do allow connections (All other options didn't work) , but all the users appear to be offline, to some I can send a message and to some I can't , and in the log I have many "Client disconnected: connection closed"
Hi, thanks for the report. This isn't a Prosody issue. Debian 10 increased the minimum security level as described in the release notes: https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#openssl-defaults This includes disabling TLS 1.0 and TLS 1.1, which aren't considered as secure anymore. This has already been rolled out by all browsers and many security related libraries and tools. Forcing the version to TLS 1.0 as you describe will break connectivity with everything modern, including many servers that are running on Debian. The recommended solution is to upgrade the client. A workaround is described in the Debian release notes linked above.
ChangesThank you for your answer, I understand now it's not supported, but since I have 30 computers with Miranda IM v0.10.32.0 installed I really prefer if I could still use it for now, it's not really high priority for me for the security to be 1.2. I will try changing debian settings and see if it fixed the connectivity issues, if I do decide to replace all the clients, do you know if https://www.miranda-ng.org/en/ supports the new security?
This is not a support forum for Miranda, sorry. Check their docs. Also, TLS 1.2 was published the same month as the very first commit of Prosody, in 2008.
I've changed the openssl settings to None, Default and I still get the strange behavior of being able to connect but only 1-2 users out of 30 are shows as online, although I can send them messages and they see as if they are online on the miranda client. And the log has bunch of "Client disconnected: connection closed"