#943 ArchLinux Prosody 0.10 cannot talk with Debian 9 Ejabberd

Reporter kseistrup
Owner Nobody
Stars ★ (1)  
  • Status-New
  • Priority-Medium
  • Type-Defect
  1. kseistrup on

    I'm here from #879 (comment 11):

    What steps will reproduce the problem?

    1. Add account on an ArchLinux community/prosody 1:0.10 installation
    2. Add account on a Debian 9 (stretch) ejabberd instance (v16.09)
    3. Have the two accounts chat over a TLS-encrypted s2s session

    What is the expected output? What do you see instead?

    Expected: The two accounts can chat, as before Debian upgraded to stretch.

    Seen: At best, with some tweaks, the Prosody instance can initiate an s2sout connection, thus letting the prosody end send messages to the ejabberd end. But the s2sin connection fails.

    What version of the product are you using? On what operating system?

    Plain Prosody install from ArchLinux:

        Prosody hg:2fd20f372cb1

        # Prosody directories
        Data directory: /var/lib/prosody
        Config directory: /etc/prosody
        Source directory: /usr/lib/prosody
        Plugin directories:
          /usr/lib/prosody/modules/

        # Lua environment
        Lua version: Lua 5.1

        Lua module search paths:
          /usr/lib/prosody/?.lua
          /usr/share/luajit-2.0.5/?.lua
          /usr/local/share/lua/5.1/?.lua
          /usr/local/share/lua/5.1/?/init.lua
          /usr/share/lua/5.1/?.lua
          /usr/share/lua/5.1/?/init.lua

        Lua C module search paths:
          /usr/lib/prosody/?.so
          /usr/local/lib/lua/5.1/?.so
          /usr/lib/lua/5.1/?.so
          /usr/local/lib/lua/5.1/loadall.so

        LuaRocks: Not installed

        # Lua module versions
        lfs: LuaFileSystem 1.6.3
        libevent: 2.0.22-stable
        luaevent: 0.4.4
        lxp: LuaExpat 1.3.0
        socket: LuaSocket 3.0-rc1
        ssl: 0.6

    Please provide any additional information below.

    Here's a few lines from the ejabberd end. I'm sorry, it's all we've got:

        2017-06-19 19:00:54.426 [debug] <0.554.0>@ejabberd_receiver:handle_info:194 TLS error = SSL_do_handshake failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
        2017-06-19 19:00:54.426 [info] <0.549.0>@ejabberd_s2s_out:wait_for_stream:386 Closing s2s connection: koldfront.dk -> enotty.dk (close in wait_for_stream)

    Ejabberd is using curve prime256v1 while prosody is using secp384r1.

    After the ejabberd admin patched his ejabberd to try curves {NID_X9_62_prime256v1, NID_secp384r1}, we can talk again: https://koldfront.dk/archive/2017/06/20-210822.html

    I hope somebody else can provide more info.
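
A triage sketch for the ejabberd log lines quoted in the report, added here as an example and not part of the original issue or of either project's code. It unpacks the OpenSSL error code `14094410` (assuming the OpenSSL 1.0.x/1.1.x packed layout) to show that the failure is a `handshake_failure` alert received from the remote server, and pairs it with the s2s close logged in the same second. The function names, the same-second pairing rule and the noise line are assumptions.

```python
import re

# Two ejabberd log lines quoted in the report, plus one constructed unrelated line.
SAMPLE_LOG = [
    "2017-06-19 19:00:54.426 [debug] <0.554.0>@ejabberd_receiver:handle_info:194 "
    "TLS error = SSL_do_handshake failed: error:14094410:SSL routines:"
    "ssl3_read_bytes:sslv3 alert handshake failure",
    "2017-06-19 19:00:54.426 [info] <0.549.0>@ejabberd_s2s_out:wait_for_stream:386 "
    "Closing s2s connection: koldfront.dk -> enotty.dk (close in wait_for_stream)",
    "2017-06-19 19:00:55.000 [info] <0.600.0>@example_mod:run:1 constructed noise line",
]

# TLS alert descriptions (RFC 5246, section 7.2) that matter for handshake triage.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000 + N

ERR_RE = re.compile(r"^(\S+ \S+) \[\w+\] <[\d.]+>@\w+:.*error:([0-9A-Fa-f]{8}):")
CLOSE_RE = re.compile(r"^(\S+ \S+) \[\w+\] <[\d.]+>@ejabberd_s2s_out:.*"
                      r"Closing s2s connection: (\S+) -> (\S+)")

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x/1.1.x error code into lib, func and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = TLS_ALERTS.get(reason - SSL_AD_REASON_OFFSET)  # None if not a known alert
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def triage(lines):
    """Pair each TLS error with an s2s close logged within the same second."""
    findings, errors = [], {}
    for line in lines:
        m = ERR_RE.match(line)
        if m:
            errors[m.group(1)[:19]] = decode_openssl_error(m.group(2))
            continue
        m = CLOSE_RE.match(line)
        if m and m.group(1)[:19] in errors:
            findings.append({"time": m.group(1), "from": m.group(2),
                             "to": m.group(3), **errors.pop(m.group(1)[:19])})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} {f['from']} -> {f['to']}: peer sent alert "
              f"{f['peer_alert']} (lib={f['lib']} func={f['func']} reason={f['reason']})")
```

A `peer_alert` of `handshake_failure` says the remote end refused the offered parameters, which is consistent with the curve mismatch described in the report but does not by itself identify the curve as the cause.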
