Can't sign in to PSI account. PSI says "Broken security layer" (#900)
Open
Ildar Zaripov opened 7 years ago
Due Date: 2017-11-05

I am running Tigase XMPP Server in AWS EC2 and PostgreSQL in AWS RDS. The server starts successfully and there is no error message in the tigase-console.log file. As an XMPP client, I use PSI.

I ran into a problem: I can create an account in PSI, but I can't "become available" and start messaging. PSI just shows an error window with the message "Broken security layer" when I try to sign in.

Could you help me with this issue?

I didn't change/replace any file from server/certs directory.

Here is part of the config.tdsl file:

dataSource {
    default () {
        'pool-size' = '10'
        uri = 'jdbc:postgresql://mydbinstance.***.rds.amazonaws.com:5432/tigasedb?user=tigase_user&password=tigase123'
    }
}
userRepository {
    default () {}
}
authRepository {
    default () {
        'auth-repo-pool-size' = 10
        cls = 'tigase.db.jdbc.TigaseCustomAuth'
    }
}
c2s (class: tigase.server.xmppclient.ClientConnectionManager) {
    clientCertCA = '/home/ubuntu/server/certs/localhost.pem'
    clientCertRequired = false
    seeOtherHost {}
}
'certificate-container' {

}
'sess-man' (class: tigase.server.xmppsession.SessionManager) {
    amp () {
        message () {}
        msgoffline () {}
    }
    message (active: false) {}
    
   .....

    msgoffline (active: false) {} 
    'sasl-provider' () {
        'callback-handler-factory' (class: tigase.auth.CallbackHandlerFactory) {}
        customSaslServerFactory (class: tigase.auth.mechanisms.TigaseSaslServerFactory) {}
        'mechanism-selector' (class: tigase.auth.DefaultMechanismSelector) {}
        tigaseSaslServerFactory (active: false) {}
    }
}


Andrzej Wójcik (Tigase) commented 7 years ago

I had similar issues some time ago, but they were related to an old version of the OpenSSL library on the computer on which Psi was running. From what I've found, older versions of OpenSSL have some issues while connecting to Java-based servers which support only TLS 1.0 and higher. Tigase XMPP Server by default in newer versions supports only TLS 1.0 or higher, due to the fact that older SSL protocols are insecure.
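To check a client against the TLS 1.0 floor mentioned in the comment above, the following added example (not part of the original thread and not Tigase or Psi code) classifies the first handshake bytes a client sends after the server's STARTTLS `<proceed/>`, as taken from a packet capture. The function name and the sample byte strings are constructed for illustration.

```python
# Wire versions (major, minor) as they appear in hello messages.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Constructed samples: only the leading bytes of each hello are included.
SAMPLE_SSLV2_HELLO = bytes.fromhex("802e010300")            # SSLv2-format hello
SAMPLE_TLS_HELLO = bytes.fromhex("16030100c8010000c40303")  # TLS record


def describe_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends after <proceed/>.

    Returns the hello format ("sslv2" or "tls"), the highest version the
    client offers in the hello, and whether that version reaches TLS 1.0.
    """
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 2-byte length with the high bit set,
        # message type 1, then the highest version the client supports.
        fmt, offered = "sslv2", (data[3], data[4])
    elif len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # TLS record (type 22 = handshake) carrying a ClientHello (type 1):
        # 5-byte record header, 4-byte handshake header, client_version.
        # TLS 1.3 clients also put 3.3 here, so they show as "TLS 1.2".
        fmt, offered = "tls", (data[9], data[10])
    else:
        raise ValueError("not a ClientHello")
    return {
        "format": fmt,
        "offered": VERSIONS.get(offered, "unknown %d.%d" % offered),
        "meets_tls10_floor": offered >= (3, 1),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_SSLV2_HELLO, SAMPLE_TLS_HELLO):
        print(describe_client_hello(sample))
```

A hello whose `meets_tls10_floor` is false cannot be negotiated by a server that accepts only TLS 1.0 or higher; the hello format is reported separately because the SSLv2 framing is a different wire format from a TLS record.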

Ildar Zaripov commented 7 years ago

Thank you!

Yes, it seems there was something wrong with PSI. I also tested Pidgin, and Pidgin doesn't fail.

Finally, I've managed to exchange messages between 2 clients using PSI+.

Type: Bug
Priority: Blocker
Assignee:
RedmineID: 6301
Reference: tigase/_server/server-core#900