[jadmin] SSL authentication problem

Alejandro Cabrera Obed acabrera at sintys.gov.ar
Thu Jul 5 09:00:09 CDT 2007 

Dear Tomasz, thanks for your help....I'll tell you what you ask me for.
But before that, I repeat my Openldap server is configured at port 389
WITHOUT any encryption method at all (slapd listen for clear-text
connections only):


Tomasz Sterna wrote:
> Dnia 04-07-2007, śro o godzinie 10:12 -0300, Alejandro Cabrera Obed
> napisał(a):
>   
>> Dear all, I have jabberd2 with MySQL storage and Openldap
>> authentication (port 389, withouth encryption). Also I use PSI
>> clients.
>>     
>
> Could you share your exact jabberd2 version.
> There are many changes between 2.0 and 2.1 and things behave
> differently. Even in 2.1 there were a lot of changes.
>   
I have Jabberd 2.1.5
>
>   
>> And also I could see this error in the jabber syslog: "error: SSL
>> handshake error (error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol)" 
>>     
>
> Could you show your <mechanisms/> and <ssl-mechanisms/> sections from
> c2s.xml?
> Please consult http://svn.xiaoka.com/jabberd2/trunk/etc/c2s.xml.dist.in
> for how they should look like.
>
>
>   
<mechanisms>
      <!-- These are the traditional Jabber authentication mechanisms.
           Comment out any that you don't want to be offered to clients.
           Note that if the auth/reg module does not support one of
           these mechanisms, then it will not be offered regardless of
           whether or not it is enabled here.

           Similarly, if <zerok/> is disabled, then zero-knowledge data
           will not be created when a user is registered. -->
      <traditional>
        <plain/>
        <digest/>
        <zerok/>
      </traditional>
      <!-- SASL authentication mechanisms. Comment out any that you
           don't want to be offered to clients. Again, if the auth/reg
           module does not support one of these mechanisms, then it will
           not be offered. -->
      <sasl>
        <plain/>
        <digest-md5/>
        <!--
        <anonymous/>
        -->
      </sasl>
</mechanisms>


 <ssl-mechanisms>
      <!-- it's advisable that you disable plain in the above
           <mechanisms/> section -->
      <traditional>
        <plain/>
      </traditional>
      <sasl>
        <plain/>
      </sasl>
</ssl-mechanisms>

Special thanks,

Alejandro

More information about the JAdmin mailing list