Encryption and Tigase running on new JDK


Artur Hefczyc TigaseTeam
Added almost 6 years ago

During a setup of a test environment on the Tigase XMPP Server runing on JDK7 a client could not connect to the server using TLS/SSL encryption. After investigation I discovered that the JDK7 supports TLS 1.1 and TLS 1.2, a client was using a recent version of the OpenSSL library (version 1.0.1 from Ubuntu 12.04). Knowing that I tried to connect using a command line utility from OpenSSL to connect to a secured port on the Tigase XMPP Server:

openssl s_client -debug -showcerts -connect

- another connection failure. After testing connection using a command line ultility from GnuTLS (which was successful), I knew that there was an issue with the recent version of OpenSSL library. Apparently even that OpenSSL can be convinced to work with proper parameters:

openssl s_client -debug -showcerts -ssl3 -connect

As of now there are three possible workarounds:

  1. Disable encryption between the client and the server
  2. Use clients which with different encryption libraties
  3. Use older Java releases on the Tigase server