How can I configure tigase-server to allow strophejs through a WSS connection?

xianhai zheng
Added about 2 years ago

Hello!

I use strophejs; ws://hostname:5290 through tigase-v7.1.0 connects normally, but when I replace it with wss://hostname:5291 it cannot connect. My configuration is as follows:

ws2s/connections/ports[i]=5290,5291

ws2s/connections/5291/socket=ssl

ws2s/connections/5291/type=accept

The log is as follows:

...

2016-12-14 19:04:26.148 [scheduler_pool-5-thread-1-c2s] ConnectionManager$1.run() FINE: Reconnecting service for component: c2s, to remote host: localhost on port: 5222

2016-12-14 19:04:26.149 [scheduler_pool-5-thread-1-c2s] ConnectionManager$1.run() FINE: Reconnecting service for component: c2s, to remote host: localhost on port: 5223

2016-12-14 19:04:26.151 [scheduler_pool-4-thread-1-bosh] ConnectionManager$1.run() FINE: Reconnecting service for component: bosh, to remote host: localhost on port: 5280

2016-12-14 19:04:26.151 [scheduler_pool-15-thread-1-ws2s] ConnectionManager$1.run() FINE: Reconnecting service for component: ws2s, to remote host: localhost on port: 5291

2016-12-14 19:04:26.151 [scheduler_pool-15-thread-2-ws2s] ConnectionManager$1.run() FINE: Reconnecting service for component: ws2s, to remote host: localhost on port: 5290

2016-12-14 19:04:26.199 [scheduler_pool-11-thread-1-s2s] ConnectionManager$1.run() FINE: Reconnecting service for component: s2s, to remote host: localhost on port: 5269

2016-12-14 19:04:26.755 [ConnectionOpenThread] ConnectionManager$ConnectionListenerImpl.accept() FINEST: Accept called for service: null@null, port_props: {type=accept, socket=ssl, ifc=[Ljava.lang.String;@3aacf32a, remote-host=localhost, required=false, port-no=5291}

2016-12-14 19:04:26.852 [ConnectionOpenThread] TLSWrapper.() CONFIG: Supported protocols: (+)SSLv2Hello,(-)SSLv3,(+)TLSv1,(+)TLSv1.1,(+)TLSv1.2

2016-12-14 19:04:26.855 [ConnectionOpenThread] TLSWrapper.() CONFIG: Supported ciphers: (+)TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,(+)TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,(+)TLS_RSA_WITH_AES_128_CBC_SHA256,(+)TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,(+)TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,(+)TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,(+)TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,(+)TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,(+)TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,(+)TLS_RSA_WITH_AES_128_CBC_SHA,(+)TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,(+)TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,(+)TLS_DHE_RSA_WITH_AES_128_CBC_SHA,(+)TLS_DHE_DSS_WITH_AES_128_CBC_SHA,(+)TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,(+)TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,(+)TLS_RSA_WITH_AES_128_GCM_SHA256,(+)TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,(+)TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,(+)TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,(+)TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,(+)TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,(+)TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,(+)SSL_RSA_WITH_3DES_EDE_CBC_SHA,(+)TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,(+)TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,(+)SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,(+)SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,(+)TLS_EMPTY_RENEGOTIATION_INFO_SCSV,(-)TLS_DH_anon_WITH_AES_128_GCM_SHA256,(-)TLS_DH_anon_WITH_AES_128_CBC_SHA256,(-)TLS_ECDH_anon_WITH_AES_128_CBC_SHA,(-)TLS_DH_anon_WITH_AES_128_CBC_SHA,(-)TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,(-)SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,(-)SSL_RSA_WITH_DES_CBC_SHA,(-)SSL_DHE_RSA_WITH_DES_CBC_SHA,(-)SSL_DHE_DSS_WITH_DES_CBC_SHA,(-)SSL_DH_anon_WITH_DES_CBC_SHA,(-)SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,(-)SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,(-)SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,(-)SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,(-)TLS_RSA_WITH_NULL_SHA256,(-)TLS_ECDHE_ECDSA_WITH_NULL_SHA,(-)TLS_ECDHE_RSA_WITH_NULL_SHA,(-)SSL_RSA_WITH_NULL_SHA,(-)TLS_ECDH_ECDSA_WITH_NULL_SHA,(-)TLS_ECDH_RSA_WITH_NULL_SHA,(-)TLS_ECDH_anon_WITH_NULL_SHA,(-)SSL_RSA_WITH_NULL_MD5,(-)TLS_KRB5_WITH_3DES_EDE_CBC_SHA,(-)TLS_KRB5_WITH_3DES_EDE_CBC_MD5,(-)TLS_KRB5_WITH_DES_CBC_SHA,(-)TLS_KRB5_WITH_DES_CBC_MD5,(-)TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,(-)TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

2016-12-14 19:04:26.855 [ConnectionOpenThread] TLSWrapper.() CONFIG: Hardened mode is disabled

2016-12-14 19:04:26.855 [ConnectionOpenThread] TLSWrapper.() CONFIG: Enabled protocols: default

2016-12-14 19:04:26.855 [ConnectionOpenThread] TLSWrapper.() CONFIG: Enabled ciphers: default

2016-12-14 19:04:26.857 [ConnectionOpenThread] ConnectionManager.serviceStarted() FINER: ws2s Connection started: null, type: accept, Socket: TLS: nullSocket[addr=/192.168.2.58,port=51771,localport=5291], jid: null

2016-12-14 19:04:26.870 [ConnectionOpenThread] SocketThread.() WARNING: 17 socketReadThreads started.

2016-12-14 19:04:26.881 [ConnectionOpenThread] SocketThread.() WARNING: 17 socketWriteThreads started.

2016-12-14 19:04:26.885 [pool-16-thread-1] IOUtil.() CONFIG: using direct byte buffers with size 8,192 per buffer

2016-12-14 19:04:26.927 [pool-16-thread-2] ClientConnectionManager.sendTlsHandshakeCompletedToSessionManager() FINEST: Handshake complete. No session-id. Command not sent.

2016-12-14 19:04:26.931 [pool-16-thread-3] ConnectionManager.serviceStopped() FINER: ws2s Connection stopped: ws2s@zxh/192.168.2.58_5291_192.168.2.58_51771, type: accept, Socket: TLS: ws2s@zxh/192.168.2.58_5291_192.168.2.58_51771 Socket[unconnected], jid: null

2016-12-14 19:04:26.931 [pool-16-thread-3] ClientConnectionManager.xmppStreamClosed() FINER: Stream closed: ws2s@zxh/192.168.2.58_5291_192.168.2.58_51771

2016-12-14 19:16:51.530 [ConnectionOpenThread] ConnectionManager$ConnectionListenerImpl.accept() FINEST: Accept called for service: null@null, port_props: {type=accept, socket=ssl, ifc=[Ljava.lang.String;@3aacf32a, remote-host=localhost, required=false, port-no=5291}

2016-12-14 19:16:51.533 [ConnectionOpenThread] ConnectionManager.serviceStarted() FINER: ws2s Connection started: null, type: accept, Socket: TLS: nullSocket[addr=/192.168.2.58,port=52710,localport=5291], jid: null

2016-12-14 19:16:51.568 [pool-16-thread-5] ClientConnectionManager.sendTlsHandshakeCompletedToSessionManager() FINEST: Handshake complete. No session-id. Command not sent.

2016-12-14 19:16:51.576 [pool-16-thread-6] ConnectionManager.serviceStopped() FINER: ws2s Connection stopped: ws2s@zxh/192.168.2.58_5291_192.168.2.58_52710, type: accept, Socket: TLS: ws2s@zxh/192.168.2.58_5291_192.168.2.58_52710 Socket[unconnected], jid: null

2016-12-14 19:16:51.576 [pool-16-thread-6] ClientConnectionManager.xmppStreamClosed() FINER: Stream closed: ws2s@zxh/192.168.2.58_5291_192.168.2.58_52710

...


Replies (3)

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam about 2 years ago

Your configuration related to WebSocket and SSL is correct. In the logs it is visible that the incoming WSS connection was:

  • accepted by server

  • SSL was started

  • connection was stopped (most likely by client)

There is no clear indication that something is wrong on the Tigase XMPP Server side, but as you mentioned the use of strophejs, I assume that you are using a web browser to establish the connection to Tigase XMPP Server using WSS. In this case it is a little tricky, as you need to have a valid SSL certificate issued for the domain in your WSS URL (in this case it is hostname). This certificate needs to be installed in Tigase XMPP Server as the "default" SSL certificate or as the SSL certificate for the domain matching the passed hostname. Otherwise web browsers silently drop insecure WSS connections without any meaningful errors.

Added by xianhai zheng about 2 years ago

I use a self-signed certificate: I put the root certificate (CA) in as default.pem, and then signed a client.pem with the root default.pem, but it still does not work.

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam about 2 years ago

Is this CA added to the list of accepted CA issuers in the browser? If not, this will not work either, as your certificate signed with a custom CA will still be invalid for a web browser.
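The two conditions raised in the replies above (a certificate chain ending in a CA the browser trusts, and a certificate that actually names the hostname in the wss:// URL) can be checked outside the browser, which gives the error the browser hides. The script below is an added example written for this thread; it is not code from Tigase, Strophe or either poster, and uses only the Python standard library. The wss:// URL, the CA file path and the SAMPLE_CERT dictionary are assumptions made for illustration.

```python
"""Reproduce, outside the browser, the checks a browser makes before opening a wss:// connection.

Added example for this thread; not code from Tigase, Strophe or the posters.
A browser needs (1) a chain ending in a CA it trusts and (2) the hostname in the
wss:// URL to be named by the certificate, and reports neither failure usefully,
so this script performs the two checks separately and says which one fails.
"""
import socket
import ssl
import sys
from typing import Optional, Tuple
from urllib.parse import urlsplit


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match of one certificate name against a hostname.

    Exact, case-insensitive match, or a wildcard that is the whole leftmost
    label and covers exactly one label (*.example.test matches ws.example.test,
    but neither example.test nor a.b.example.test).
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    host_labels = host.split(".")
    return len(host_labels) >= 3 and ".".join(host_labels[1:]) == pattern[2:]


def hostname_matches(cert: dict, host: str) -> bool:
    """`cert` is in the dict form that SSLSocket.getpeercert() returns.

    dNSName SANs are authoritative; the subject CN is consulted only when the
    certificate carries no dNSName at all (current browsers ignore CN entirely).
    """
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return any(_name_matches(p, host) for p in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_matches(p, host) for p in cns)


def parse_wss_url(url: str) -> Tuple[str, int]:
    """Host and port of a wss:// URL (port defaults to 443, as in browsers)."""
    u = urlsplit(url)
    if u.scheme != "wss" or not u.hostname:
        raise ValueError(f"not a wss:// URL: {url}")
    return u.hostname, u.port or 443


def check_wss_endpoint(url: str, cafile: Optional[str] = None, timeout: float = 5.0) -> str:
    """Return "ok" or a one-line reason a browser would refuse the endpoint.

    cafile: PEM bundle of the CA the browser trusts. Pass your own root CA to
    model a browser into which that root has been imported; leave it None to
    model a browser with only its built-in trust store.
    """
    host, port = parse_wss_url(url)
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED: chain is validated
    ctx.check_hostname = False  # matched below, so chain and name failures are told apart
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:  # SNI still sent
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as e:
        return f"chain not trusted: {e.verify_message}"
    except ssl.SSLError as e:
        return f"TLS handshake failed: {e}"
    except OSError as e:
        return f"connection failed: {e}"
    if not hostname_matches(cert, host):
        names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
        return f"hostname mismatch: {host!r} not in {names or 'subject CN'}"
    return "ok"


# Constructed sample in getpeercert() format, standing in for a self-signed
# certificate issued for the XMPP host in this thread; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "hostname"),),),
    "subjectAltName": (("DNS", "hostname"), ("DNS", "*.example.test")),
}


if __name__ == "__main__":
    # usage: python check_wss.py wss://hostname:5291 [ca.pem]
    print(check_wss_endpoint(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it as `python check_wss.py wss://hostname:5291 ca.pem` to model a browser that has the custom root imported, or without the second argument to model a browser with its default trust store; "chain not trusted" corresponds to the CA question in the last reply, "hostname mismatch" to the certificate-for-the-domain requirement in the first one.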
