Project

General

Profile

SSL handshake issue

Nirmal Kumar Raveendranath
Added 9 months ago

I have done setup of the tigase in my VM and also i tried testing through xmpp client(sleekxmpp) to register an account, it worked.
when i test it through tigase messenger I got the following error.

Can't establish encrypted connection
                                                                               javax.net.ssl.SSLHandshakeException: Handshake failed
                                                                                   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:390)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.proceedJCETLS(SocketConnector.java:686)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.proceedTLS(SocketConnector.java:718)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.onTLSStanza(SocketConnector.java:492)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector.processElement(SocketConnector.java:801)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.SocketConnector$5.processElement(SocketConnector.java:1010)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.Worker$1.nextElement(Worker.java:52)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.XMPPDomBuilderHandler.endElement(XMPPDomBuilderHandler.java:149)
                                                                                   at tigase.xml.SimpleParser.parse(SimpleParser.java:300)
                                                                                   at tigase.jaxmpp.j2se.connectors.socket.Worker.run(Worker.java:115)
                                                                                Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb86c75a8: Failure in SSL library, usually a protocol error
                                                                               error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 (external/openssl/crypto/rsa/rsa_pk1.c:102 0xade72005:0x00000000)
                                                                               error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed (external/openssl/crypto/rsa/rsa_eay.c:721 0xade72005:0x00000000)
                                                                               error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature (external/openssl/ssl/s3_clnt.c:2031 0xade72005:0x00000000)
                                                                                   at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                                                                                   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)
                                                                                    ... 9 more

I couldnt understand this error. Please help me out.


Replies (5)

Avatar?id=6098&size=32x32

Added by Bartosz Małkowski TigaseTeam 9 months ago

Sorry, but I don't get this error too.
It seems that server an client uses different padding scheme, but I have no idea why.

Added by Wojciech Kapcia TigaseTeam 9 months ago

@Nirmal - have you made any modifications to Tigase Messanger or jaxmpp library?

Added by Nirmal Kumar Raveendranath 9 months ago

I found the problem, it is with certification. the certification is not valid

Avatar?id=6098&size=32x32

Added by Bartosz Małkowski TigaseTeam 9 months ago

Hmmm… Still very interesting (or weird), because simply "invalid certificate" (outdated, or revoked) shouldn't cause such error.

Added by Wojciech Kapcia TigaseTeam 9 months ago

Nirmal Kumar Raveendranath wrote:

I found the problem, it is with certification. the certification is not valid

In what way it was not valid?

    (1-5/5)