I upgraded the server from 0.10 (build 500) to 0.11.2 and now I cannot connect to it from the old client that works on TLS 1.0. Can anyone help me with this?
I specified in the configuration protocol = "tlsv1 +"; and below, but I get the same error.
debug.err:
Jun 03 22:53:05 socket debug server.lua: accepted new client connection from 90.188.90.85:65062 to 5222
Jun 03 22:53:05 c2s216db98 info Client connected
Jun 03 22:53:05 c2s216db98 debug Client sent opening <stream:stream> to opiums.eu
Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <?xml version='1.0'?>
Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <stream:stream version='1.0' from='opiums.eu' xml:lang='en' id='1198c330-d30a-4bc3-b46b-030337152101' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'>
Jun 03 22:53:05 c2s216db98 debug Sent reply <stream:stream> to client
Jun 03 22:53:05 c2s216db98 debug Not offering authentication on insecure connection
Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <stream:features>
Jun 03 22:53:05 runnerLqk9F5XO debug creating new coroutine
Jun 03 22:53:05 c2s216db98 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Jun 03 22:53:05 c2s216db98 debug Sending[c2s_unauthed]: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Jun 03 22:53:05 socket debug server.lua: we need to do tls, but delaying until send buffer empty
Jun 03 22:53:05 c2s216db98 debug TLS negotiation started for c2s_unauthed...
Jun 03 22:53:05 socket debug server.lua: attempting to start tls on tcp{client}: 0x21f3150
Jun 03 22:53:05 socket debug server.lua: ssl handshake error: unsupported protocol
Jun 03 22:53:05 c2s216db98 info Client disconnected: ssl handshake error: unsupported protocol
Jun 03 22:53:05 c2s216db98 debug Destroying session for (unknown) ((unknown)@opiums.eu): ssl handshake error: unsupported protocol
Jun 03 22:53:05 socket debug server.lua: closed client handler and removed socket from list
Best would of course be to update the client to support TLS 1.2+. One possible explanation for this, if the connection really is TLS 1.0, is that Debian ships configuration that sets the minimum protocol to TLS 1.2 since buster / Debian 10. See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.html#openssl-defaults Does this resolve the issue?
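The Debian default mentioned in the reply above can be read directly from the system OpenSSL configuration. The shell functions below are an added example, not part of the original thread or of Prosody; they assume Debian's stock layout (/etc/ssl/openssl.cnf with a [system_default_sect] section), and the sample file is constructed.

```shell
# Added example: report the system-wide OpenSSL protocol floor.
# Assumption: the floor lives in [system_default_sect], as in Debian's
# stock openssl.cnf; other distributions may name the section differently.
# Usage: min_protocol [path]   (path defaults to /etc/ssl/openssl.cnf)
min_protocol() {
    awk '
        /^[ \t]*\[/ {                          # section header
            sub(/^[ \t]*\[[ \t]*/, "")
            sub(/[ \t]*\].*$/, "")
            in_sect = ($0 == "system_default_sect")
            next
        }
        in_sect && /^[ \t]*MinProtocol[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")           # drop "MinProtocol ="
            sub(/[ \t]*#.*$/, "")              # drop trailing comment
            sub(/[ \t]+$/, "")
            val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "${1:-/etc/ssl/openssl.cnf}"
}

# Returns 0 (true) when the configured floor excludes TLS 1.0 clients,
# which surfaces in the server log as "unsupported protocol".
rejects_tls10() {
    case "$(min_protocol "$1")" in
        TLSv1.1|TLSv1.2|TLSv1.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mirroring the Debian 10 defaults the reply refers to.
sample_cnf=$(mktemp)
cat > "$sample_cnf" <<'EOF'
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2   # distribution default
CipherString = DEFAULT@SECLEVEL=2
EOF
echo "floor: $(min_protocol "$sample_cnf")"
rejects_tls10 "$sample_cnf" && echo "TLS 1.0 clients will fail the handshake"
rm -f "$sample_cnf"
```

Run without an argument on the server itself, min_protocol reads the live configuration, which shows whether the rejection comes from the library default rather than from the application's own protocol setting.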
Assuming it is resolved.