Encryption and Tigase running on new JDK

During a setup of a test environment on the Tigase XMPP Server runing on JDK7 a client could not connect to the server using TLS/SSL encryption.

After investigation I discovered that the JDK7 supports TLS 1.1 and TLS 1.2, a client was using a recent version of the OpenSSL library (version 1.0.1 from Ubuntu 12.04). Knowing that I tried to connect using a command line utility from OpenSSL to connect to a secured port on the Tigase XMPP Server:

openssl s_client -debug -showcerts -connect xmpp.server.com:5223

- another connection failure. After testing connection using a command line ultility from GnuTLS (which was successful), I knew that there was an issue with the recent version of OpenSSL library.

Apparently even that OpenSSL can be convinced to work with proper parameters:

openssl s_client -debug -showcerts -ssl3 -connect xmpp.server.com:5223

As of now there are three possible workarounds:

  1. Disable encryption between the client and the server
  2. Use clients which with different encryption libraties
  3. Use older Java releases on the Tigase server
Article type: