TLS hangs

Justin Karneges
Added over 5 years ago

The TLS negotiation appears to hang after the server sends to the client. I am using Tigase 5.2.0 Beta3 with a default config, and tested with both sleekxmpp and Psi. I tried configuring tigase with a cert and also letting tigase just generate a cert on its own. Either way, nothing happens after . This problem does not occur if I connect to tigase.org's XMPP server instead of my own, so I wonder if tigase.org runs a different version or if there is something different about the environment (JVM/library versions?).


Replies (5)

Added by Andrzej Wójcik IoT 1 Cloud TigaseTeam over 5 years ago

There was an issue with TLS that was related to JDK7/openssl and, as I remember, it was fixed before beta3 was released, but the fix was not active by default; see http://www.tigase.org/content/tls-jdk-nss-bug-workaround-active.

On tigase.org we are using one of our nightly builds, which contains this fix activated by default, as we decided to fully support JDK7 in the 5.2.0 branch.

Added by Justin Karneges over 5 years ago

Wow. Thanks, this fix worked.

Added by Justin Karneges over 5 years ago

One thing I also noticed is that the first TLS handshake of a server launch always fails. Easy to reproduce:

1) start tigase (and wait a little while to ensure tigase is ready for connections)

2) connect

3) tls fails (psi simply disconnects after , and sleek reports an invalid cert (possibly bogus reason))

4) connect again

5) success! repeat step 4

This is only a minor bug since it seems to only affect the first connection the server receives, and there is also plenty of time during server startup where connections will fail for other reasons (like tigase not yet being ready). Still, it is quite an odd bug since it occurs no matter how long you wait after startup.

Added by Artur Hefczyc TigaseTeam over 5 years ago

Justin, I know about it, I was unable to fix it for years. I have no idea why this happens. Maybe some SSL stuff is not properly initialized inside Java at this point? Perhaps Andrzej has an idea or he can think of a solution.

Added by Andrzej Wójcik IoT 1 Cloud TigaseTeam over 5 years ago

I also tried to find out what causes this behavior but I was unable to track it down. As Artur wrote, it looks like there is some issue with initialization of SSL in Java.
