How to enable/disable SSL/TLS

J B
Added almost 3 years ago

Hi,

Based on https://projects.tigase.org/boards/15/topics/2049

I have now downgraded my JDK to 7. Even with JDK8 I was able to make things work between my node rest server and Tigase 5.2.3 by providing a .pem certificate file. However, both with JDK7 and JDK8 I am having trouble making my iOS client work with Tigase. I have included a .cer file in my iOS project from Xcode and it has SSL pinning (I have tried enabling and disabling pinning as well, but it did not help). So I wanted to temporarily disable SSL/TLS on the Tigase server. Is there a setting in init.properties to keep toggling and testing? Eventually I would have to make this work securely, but for now I am stuck in a devel environment and would like to make progress.

Here is the Tigase trace from the log file, which seems to indicate that Tigase is enforcing SSL:

javax.net.ssl.SSLException: Received close_notify during handshake
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at tigase.io.TLSWrapper.unwrap(TLSWrapper.java:352)
    at tigase.io.TLSIO.decodeData(TLSIO.java:458)
    at tigase.io.TLSIO.read(TLSIO.java:268)
    at tigase.net.IOService.readData(IOService.java:1013)
    at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:650)
    at tigase.net.IOService.call(IOService.java:265)
    at tigase.net.IOService.call(IOService.java:104)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Replies (1)

Added by Wojciech Kapcia TigaseTeam almost 3 years ago

You can disable the StartTLS plugin:

--sm-plugins=-starttls

But I strongly recommend updating Tigase server to the latest stable version.

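A pre-deployment check for the setting given in the reply above, as an added example that is not part of the original thread or of Tigase's own code: it scans init.properties text for `--sm-plugins` entries that disable `starttls`, so the development-only toggle does not reach a production config. The sample configs, the `example-plugin` id and the function name are constructed for illustration, and the comma-separated `+`/`-` entry format is assumed from the line quoted in the reply.

```python
# Added example: flag init.properties files that disable the StartTLS plugin.
# Assumption: --sm-plugins holds comma-separated entries prefixed with '+'
# (enable) or '-' (disable), as in the line quoted in the reply.

# Constructed sample configs (not taken from the thread).
DEV_CONFIG = """\
# development box only
--virt-hosts = dev.example.test
--sm-plugins = -starttls,+example-plugin
"""

PROD_CONFIG = """\
--virt-hosts = chat.example.test
#--sm-plugins=-starttls
--sm-plugins=+example-plugin
"""


def find_disabled_plugins(text, watched=("starttls",)):
    """Return [(line_no, plugin_id)] for watched plugins disabled via --sm-plugins."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings have no effect
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "--sm-plugins":
            continue
        for entry in value.split(","):
            entry = entry.strip()
            if not entry.startswith("-"):
                continue  # '+plugin' or bare ids are not disable requests
            # Tolerate a trailing '=<n>' suffix on an entry, if present.
            plugin_id = entry[1:].split("=", 1)[0].strip().lower()
            if plugin_id in watched:
                findings.append((line_no, plugin_id))
    return findings


if __name__ == "__main__":
    for name, cfg in (("dev", DEV_CONFIG), ("prod", PROD_CONFIG)):
        hits = find_disabled_plugins(cfg)
        status = "StartTLS DISABLED at line(s) %s" % [n for n, _ in hits] if hits else "ok"
        print("%s: %s" % (name, status))
```

Run it against the production file in CI and fail the build on a non-empty result.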