[Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

Nigel Kukard nkukard at lbsd.net
Mon Jul 5 04:59:43 CDT 2010

>> [org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:77)]
>> Error while negotiating TLS:
>> org.jivesoftware.openfire.net.SocketConnection at 130fdeb socket:
>> Socket[addr=/,port=50577,localport=5269] session:
>> org.jivesoftware.openfire.session.LocalIncomingServerSession at 14edfc3
>> status: 1 address: jabber.iitsp.com/c9246456 id: c9246456
>> "Unexpected end of handshake" is soooooooooooooo helpful !!! *rolls
>> eyes*
> Lost connection during the handshake, with no TLS Alert sent, causing
> an unexpected termination of the TLS layer.
> It's about as much as can be said, really, so I don't think there's
> any reason to roll your eyes here. (Unless you happen to want to know
> which message it failed at, but that's unlikely to help either).

If it was C, I would be hacking the code and adding debugging to see
where the connection is terminating ... etc.

> The reason why the TLS session was closed on the other end will
> hopefully be in jabber.org's logs. I note that you're probably running
> in UTC - always helpful to specify the timezone of the logs.

Yep, UTC.

> Looking at what my server says when I try to connect to yours - my
> server being the same (mostly) as jabber.org's - I get:
> 7/ 5 10:21:01 xmppd    24937 (root    ) I-MBOX-Info new originator
> connection to jabber.iitsp.com host jabber.iitsp.com
> 7/ 5 10:21:01 xmppd    24937 (root    ) E-MBOX-Error TLS:
> 139645883713208:error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:683:
> 7/ 5 10:21:02 xmppd    24937 (root    ) D-MBOX-Auth closed originating
> s2s connection to domain jabber.iitsp.com []
> (*connection closed*)
> The unknown protocol is quite interesting.
> I think it's responding with a TLS subversion M-Link doesn't support.
> I'll chase this up with our nice TLS people and find out why.

Thanks man. Nothing has changed on our side at all, same code, md5's
exactly with a backup 1yr ago. Very odd it should break suddenly.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20100705/8d655d98/attachment.pgp>

More information about the Operators mailing list