Encryption and Tigase running on new JDK
During a setup of a test environment on the Tigase XMPP Server runing on JDK7 a client could not connect to the server using TLS/SSL encryption.
After investigation I discovered that the JDK7 supports TLS 1.1 and TLS 1.2, a client was using a recent version of the OpenSSL library (version 1.0.1 from Ubuntu 12.04). Knowing that I tried to connect using a command line utility from OpenSSL to connect to a secured port on the Tigase XMPP Server:
openssl s_client -debug -showcerts -connect xmpp.server.com:5223
- another connection failure. After testing connection using a command line ultility from GnuTLS (which was successful), I knew that there was an issue with the recent version of OpenSSL library.
Apparently even that OpenSSL can be convinced to work with proper parameters:
openssl s_client -debug -showcerts -ssl3 -connect xmpp.server.com:5223
As of now there are three possible workarounds:
- Disable encryption between the client and the server
- Use clients which with different encryption libraties
- Use older Java releases on the Tigase server