#1663 Client disconnected: ssl handshake error: unsupported protocol

Reporter opiums
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Status-NeedInfo
  • Priority-Medium
  • Type-Enhancement
  1. opiums on

    I upgraded the server from 0.10 (build 500) to 0.11.2 and now I cannot connect to it from the old client that works on TLS 1.0. Can anyone help me with this? I specified in the configuration protocol = "tlsv1 +"; and below, but I get the same error.

    debug.err:

    Jun 03 22:53:05 socket debug server.lua: accepted new client connection from 90.188.90.85:65062 to 5222
    Jun 03 22:53:05 c2s216db98 info Client connected
    Jun 03 22:53:05 c2s216db98 debug Client sent opening <stream:stream> to opiums.eu
    Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <?xml version='1.0'?>
    Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <stream:stream version='1.0' from='opiums.eu' xml:lang='en' id='1198c330-d30a-4bc3-b46b-030337152101' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'>
    Jun 03 22:53:05 c2s216db98 debug Sent reply <stream:stream> to client
    Jun 03 22:53:05 c2s216db98 debug Not offering authentication on insecure connection
    Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <stream:features>
    Jun 03 22:53:05 runnerLqk9F5XO debug creating new coroutine
    Jun 03 22:53:05 c2s216db98 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
    Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
    Jun 03 22:53:05 socket debug server.lua: we need to do tls, but delaying until send buffer empty
    Jun 03 22:53:05 c2s216db98 debug TLS negotiation started for c2s_unauthed...
    Jun 03 22:53:05 socket debug server.lua: attempting to start tls on tcp{client}: 0x21f3150
    Jun 03 22:53:05 socket debug server.lua: ssl handshake error: unsupported protocol
    Jun 03 22:53:05 c2s216db98 info Client disconnected: ssl handshake error: unsupported protocol
    Jun 03 22:53:05 c2s216db98 debug Destroying session for (unknown) ((unknown)@opiums.eu): ssl handshake error: unsupported protocol
    Jun 03 22:53:05 socket debug server.lua: closed client handler and removed socket from list

  2. Zash on

    Best would of course be to update the client to support TLS 1.2+. One possible explanation for this, if the connection really is TLS 1.0, is that Debian ships configuration that sets the minimum protocol to TLS 1.2 since buster / Debian 10. See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.html#openssl-defaults Does this resolve the issue?

    Changes
    • tags Status-NeedInfo
