#285 Prosody should close unauthenticated streams when no auth mechanisms are available

Reporter MattJ
Owner Zash
Tags
  • Status-Fixed
  • Milestone-0.10
  • Type-Enhancement
  • Usability
  • Priority-Medium
  • Difficulty-Easy
  1. MattJ on

    In some instances Prosody will not offer authentication mechanisms:
    - A problem loading the authentication module
    - The stream is not encrypted, and encryption is not possible (disabled, or BOSH)
    The stream should be closed with an error, rather than reaching a dead end (which most clients don't handle well).

  2. Zash on

    A dead end which is supposed to mean that negotiation is completed. http://xmpp.org/rfcs/rfc6120.html#streams-negotiation-features
    > An empty <features/> element indicates that the stream negotiation is complete and that the initiating entity is cleared to send XML stanzas.
    In Prosody 0.10 after http://hg.prosody.im/0.10/rev/1f07c72112d2 it at least logs a warning: "No SASL mechanisms to offer".

    Changes
    • tag Milestone-0.10
  3. Zash on

    Maybe a better approach would be to close the stream if it is unauthenticated or unbound and there are no features to offer. I.e. not being specific to SASL mechanisms.

  4. MattJ on

    That sounds quite sane actually.

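The approach agreed in comments 3 and 4, as an added illustration that is not Prosody's code (Prosody is written in Lua; this is a standalone Python model). The `Session` fields, the set of features offered, and the choice of stream error condition for each cause are assumptions made for the example; the conditions themselves are the RFC 6120 stream error conditions. `close_dead_ends=False` reproduces the pre-fix behaviour from comment 2: an empty `<stream:features/>`, which the RFC defines as "negotiation complete" even though the client can neither authenticate nor proceed.

```python
"""Decide what a server sends after the client's <stream:stream> header on a c2s stream.

Added example for this issue, not Prosody code. Session fields, the feature set and
the error-condition mapping are assumptions; the conditions are from RFC 6120 4.9.3.
"""
from dataclasses import dataclass
from typing import List, Tuple

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"
STREAMS_NS = "urn:ietf:params:xml:ns:xmpp-streams"


@dataclass
class Session:
    secure: bool = False              # TLS already negotiated on this stream
    tls_available: bool = True        # server can offer STARTTLS (False on BOSH, or if disabled)
    require_encryption: bool = True   # SASL is only offered on encrypted streams
    auth_module_loaded: bool = True   # the authentication backend loaded without error
    mechanisms: Tuple[str, ...] = ("SCRAM-SHA-1",)
    authenticated: bool = False
    bound: bool = False               # resource binding completed


def features_for(s: Session) -> List[str]:
    """Stream features the server can offer in the session's current state."""
    feats = []
    if not s.secure and s.tls_available:
        feats.append(f'<starttls xmlns="{TLS_NS}"/>')
    if not s.authenticated:
        # Comment 1's two cases: auth module failed, or unencrypted and encryption impossible.
        if s.auth_module_loaded and (s.secure or not s.require_encryption):
            mechs = "".join(f"<mechanism>{m}</mechanism>" for m in s.mechanisms)
            feats.append(f'<mechanisms xmlns="{SASL_NS}">{mechs}</mechanisms>')
    elif not s.bound:
        feats.append(f'<bind xmlns="{BIND_NS}"/>')
    return feats


def dead_end_reason(s: Session) -> Tuple[str, str]:
    """Map the cause of an empty feature list to a (condition, human-readable text) pair.
    The mapping is this example's choice, made so the client sees *why* it was closed."""
    if not s.auth_module_loaded:
        return "internal-server-error", "Authentication is unavailable on this server"
    if s.require_encryption and not s.secure and not s.tls_available:
        return "policy-violation", "Encryption is required but cannot be negotiated on this stream"
    return "undefined-condition", "No stream features to proceed with"


def respond(s: Session, close_dead_ends: bool = True) -> str:
    """Return the XML the server writes in reply to the client's stream header.

    close_dead_ends=False is the pre-fix behaviour: an empty <stream:features/>
    on a stream that is neither authenticated nor bound, which RFC 6120 defines
    as "negotiation complete" and which most clients do not handle well.
    """
    feats = features_for(s)
    if feats:
        return "<stream:features>" + "".join(feats) + "</stream:features>"
    negotiation_complete = s.authenticated and s.bound
    if negotiation_complete or not close_dead_ends:
        return "<stream:features/>"
    cond, text = dead_end_reason(s)
    # A stream error, followed by closing the stream, instead of a silent dead end.
    return (f'<stream:error><{cond} xmlns="{STREAMS_NS}"/>'
            f'<text xmlns="{STREAMS_NS}">{text}</text></stream:error></stream:stream>')


if __name__ == "__main__":
    # Constructed case: BOSH transport, so no STARTTLS, while encryption is still required.
    bosh = Session(tls_available=False)
    print("before fix:", respond(bosh, close_dead_ends=False))
    print("after fix: ", respond(bosh))
```

The check is deliberately on "no features to offer while not yet authenticated and bound" rather than on SASL mechanisms alone, which is the generalisation proposed in comment 3. The `<text>` child of the error is what makes the closure diagnosable from the client side, the point raised in comment 8. Comment 7 shows the caveat: a stream that legitimately has nothing to offer but must stay open (Openfire's dialback verification streams without a `to` attribute) is closed by exactly this rule, so a real implementation needs an exemption for such sessions.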
  5. Zash on

    Fixed in 7eb166fa1f26

    Changes
    • owner Zash
  6. Zash on

    Changes
    • tag Status-Fixed
  7. Zash on

    This change broke Dialback with Openfire due to it using sessions without the 'to' stream attribute on verification only streams, which get closed before dialback can proceed after this change. A workaround module is available in http://modules.prosody.im/mod_compat_dialback.html which depends on http://hg.prosody.im/0.10/rev/ccc452767ec6

  8. Adam C. Emerson on

    A better error message would be nice. I'm trying to debug this and it's completely non-obvious what is going wrong and why.
