don't listen on port 5223

Anonymous

Tigase listens on port 5223, even though it appears to not provide any service on the port. TCP connections are accepted but then closed immediately.

I'm concerned this may cause problems with clients that probe against port 5223. I'd prefer a normal connection refused rather than this weird accept + close.

Port 5223 is used for SSL connections. The behaviour you describe might be related to SSL certificate misconfiguration. The connection is opened, then the server tries to activate SSL, this fails and the connection is closed.
Please check Tigase logs to confirm that.

justin

-----
2010-05-01 16:53:58 PEMSSLContextContainer.loadFromPEMFile() INFO: Reading private key & certificate chain; alias: 'default', password: ''
2010-05-01 16:53:58 PEMSSLContextContainer.getSSLContext() SEVERE: Error on creating SSLContext for host defaultjava.security.KeyStoreException: Cannot store non-PrivateKeys
-----

SSL is working using starttls and port 5222. I have a valid cert for our domain using the correct file format in the certs dir. Based on the above log, I have copied our "domain.com.pem" file to "default.pem", and now port 5223 works correctly and accepts logins. Thanks for the hint.

However, I should have been more clear in my original post. I would like to have port 5223 disabled, since it is legacy and I don't want to encourage it. Is there a way to disable it in tigase?

Have a look at the guide for the init.properties file and search for the '--cmpname-ports' property description.
This should allow you to specify exactly which ports should be used by the selected component.

justin

Two questions:

1) Is this a list of ports that all do the same thing (based on component type)? Or will the component do different things based on known port values? For example, if I specify "--c2s-ports=5220,5221,5222,5223,5224", is port 5223 recognized and handled specially by the c2s component as the legacy SSL service? Or would the c2s component just run the standard xmpp-client service on all specified ports, and there is actually a different component that services the legacy SSL service?

2) What is the name of the component that handles legacy SSL connections?

ad. 1. If you use this property for any component, then it automatically means the component does not use SSL ports at all. All port numbers refer to the standard XMPP service (plain or TLS - not SSL) only. So this effectively disables legacy SSL support for this component.
ad. 2. Legacy c2s connections are handled by the c2s component, legacy s2s connections are handled by the s2s component, etc...
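
To check the result after changing the ports property, a small probe can tell apart the three behaviours discussed in this thread: connection refused, accept followed by an immediate close, and a listener that waits for the client. This is an added example, not part of the original thread or of Tigase; `classify_port` and `start_listener` are hypothetical names, and the local listeners are constructed stand-ins for a server.

```python
import socket
import threading

def classify_port(host, port, timeout=2.0):
    """Return 'refused', 'accept_then_close', 'open' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"            # nothing listening on the port
    except OSError:
        return "unreachable"        # timeout, filtered, no route
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1)     # send nothing; just watch what the server does
        except socket.timeout:
            return "open"           # server is waiting for the client to speak
        except ConnectionResetError:
            return "accept_then_close"
        # EOF before we sent anything means the server accepted and hung up
        return "accept_then_close" if data == b"" else "open"

def start_listener(close_immediately):
    """Constructed local stand-in for a server; returns (port, socket)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []                       # keep accepted sockets alive in 'open' mode
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            if close_immediately:
                conn.close()
            else:
                held.append(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], srv

if __name__ == "__main__":
    broken, _a = start_listener(close_immediately=True)
    healthy, _b = start_listener(close_immediately=False)
    print("accept+close listener:", classify_port("127.0.0.1", broken))
    print("waiting listener:     ", classify_port("127.0.0.1", healthy, 0.5))
```

Pointed at your own server, port 5223 should report `refused` once the component no longer listens there, provided nothing between the probe and the server filters the port.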