Majic Projects
Go to the previous open issue
Go to the previous issue (open or closed)
Please log in to bookmark issues
Closed Bug report MAR-62 Restrictive TLS configuration limits s2s connectivity for Prosody XMPP server
Go to the next issue (open or closed)
Go to the next open issue
icon_info.png This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Bug report
  • Category
    Not determined
  • Targetted for
  • Status
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (1)
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
  • Resolution
  • Reproducability
  • Severity
    Not determined
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates

Due to the way Prosody TLS configuration has been hardened, it will often happen for outgoing and incoming s2s connections to fail - depending on how recent the remote server accessing/being accessed is old.

This is a big problem that could cause a lot of interoperability issues.

Unfortunately, until version 0.10 comes out, it is not possible to implement distinct protocol/cipher configuration per-c2s or per-s2s - it has to be done for both.

The only solution for now is to disable hardening altogether, and update documentation. Documentation should clearly reflect the fact that TLS has not been hardened, why it has not been hardened, and point to the fact that once Prosody 0.10 is out, it should be possible to harden it appropriately.

Steps to reproduce this issue
  1. Set-up XMPP server via xmpp_server Ansible role.

  2. Connect to the XMPP server via client.

  3. Try to add a contact from a somewhat older server.

Comments ()
There are no comments