[Operators] Security Test Day reminder - 4 Jan 2014

Valérian Saliou valerian at valeriansaliou.name
Sat Jan 4 14:25:04 UTC 2014


Okay, makes sense Marco.

Now, let’s hope the network will be reactive enough to keep up the pace, and will conform to the new mandatory contraints.

Here I see that I have about 135 in / 136 out S2S sessions, which seems growing back to the usual/normal number that we had before (minus about 10 servers, in which we can count Gmail.com, Cisco.com and so on), looks pretty good overall.

-- 

Valérian Saliou

Jappix & FrenchTouch Web Agency founder.
Waaave co-founder.
Famecoin infrastructure manager.

More about me on my personal page.

On Jan 4, 2014, at 2:55 PM, Marco Cirillo <maranda at lightwitch.org> wrote:

> Il 04/01/2014 14:39, Valérian Saliou ha scritto:
>> Metronome as I noticed; Marco stated it’s related to an unproper StartTLS stack being running.
>> 
>> We’re running Metronome ourselves on Jappix.com, so this might also be due to a stricter policy from Metronome, Marco?
>> 
>> -- 
>> 
>> Valérian Saliou
>> 
>> Jappix & FrenchTouch Web Agency founder.
>> Waaave co-founder.
>> Famecoin infrastructure manager.
>> 
>> More about me on my personal page.
>> 
> 
> No.
> 
> Metronome wise, it's because the server (movim.eu) isn't properly configured. But I found the same behaviour happening from servers running Prosody, ejabberd, OpenFire and beside the latter I think both Prosody and ejabberd latest versions have consistently working tls.
> 
> Also, there could be only 2 things on which it is stricter (latest tip, 3.2.26):
> 1) is that it checks if the stream version is at least 1.0 if not it will close down the stream with unsupported-version which I thought being saner since those servers (GTalk on head) aren't tls capable s2s wise.
> 2) is that it asserts if a remote server requires starttls and if it isn't capable of because mod_tls isn't loaded/configured or not functioning correctly and mod_dialback is enabled it'll throw a proper log warning and close down the stream to that host.
> 
> That's all.
> 
> -- 
> Marco Cirillo
> LW.Org/LW.Org IM Owner & Head Developer
> Metronome IM Project Mantainer/Developer
> Jappix Mantainer/Developer
> http://lightwitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140104/cee9f028/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4203 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140104/cee9f028/attachment.bin>


More information about the Operators mailing list