Project

General

Profile

SSL handshake issue

Nirmal Kumar Raveendranath
Added 11 months ago

I have done setup of the tigase in my VM and also i tried testing through xmpp client(sleekxmpp) to register an account, it worked.
when i test it through tigase messenger I got the following error.

Can't establish encrypted connection
                                                                               javax.net.ssl.SSLHandshakeException: Handshake failed
                                                                                   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:390)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.proceedJCETLS(SocketConnector.java:686)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.proceedTLS(SocketConnector.java:718)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.onTLSStanza(SocketConnector.java:492)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.processElement(SocketConnector.java:801)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector$5.processElement(SocketConnector.java:1010)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.Worker$1.nextElement(Worker.java:52)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.XMPPDomBuilderHandler.endElement(XMPPDomBuilderHandler.java:149)
                                                                                   at tigase.xml.SimpleParser.parse(SimpleParser.java:300)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.Worker.run(Worker.java:115)
                                                                                Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb86c75a8: Failure in SSL library, usually a protocol error
                                                                               error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 (external/openssl/crypto/rsa/rsa_pk1.c:102 0xade72005:0x00000000)
                                                                               error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed (external/openssl/crypto/rsa/rsa_eay.c:721 0xade72005:0x00000000)
                                                                               error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature (external/openssl/ssl/s3_clnt.c:2031 0xade72005:0x00000000)
                                                                                   at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                                                                                   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)
                                                                                    ... 9 more

I couldnt understand this error. Please help me out.


Replies (5)

Avatar?id=6098&size=32x32

Added by Bartosz Małkowski TigaseTeam 11 months ago

Sorry, but I don't get this error too.
It seems that server an client uses different padding scheme, but I have no idea why.

Added by Wojciech Kapcia TigaseTeam 11 months ago

@Nirmal - have you made any modifications to Tigase Messanger or jaxmpp library?

Added by Nirmal Kumar Raveendranath 11 months ago

I found the problem, it is with certification. the certification is not valid

Avatar?id=6098&size=32x32

Added by Bartosz Małkowski TigaseTeam 11 months ago

Hmmm… Still very interesting (or weird), because simply "invalid certificate" (outdated, or revoked) shouldn't cause such error.

Added by Wojciech Kapcia TigaseTeam 11 months ago

Nirmal Kumar Raveendranath wrote:

I found the problem, it is with certification. the certification is not valid

In what way it was not valid?

    (1-5/5)