Bug #6374

TLS authentication fail

Added by Anonymous about 2 years ago.

Status: New
Start date: 12/08/2015
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Component:

Description

Only when using ChatSecure, authentication over TLS fails. Below are the relevant parts of the debug log.

Server info

# prosodyctl about
Prosody 0.9.8

# Lua environment
Lua version:                    Lua 5.1

# Lua module versions
lfs:            LuaFileSystem 1.6.2
lxp:            LuaExpat 1.3.0
pposix:         0.3.6
socket:         LuaSocket 3.0-rc1
ssl:            0.5.PR

Prosody SSL config

ssl = {
        key = "[hidden]";
        certificate = "[hidden]";
        dhparam = "[hidden]";
        ciphers = "HIGH+kEECDH:!HIGH+kEDH:HIGH:!CAMELLIA:!PSK:!SRP:!3DES:!aNULL";
        options = {
                "no_sslv2",
                "no_sslv3",
                "no_ticket",
                "no_compression",
                "cipher_server_preference",
                "single_dh_use",
                "single_ecdh_use" 
        };
}

ChatSecure login attempt (FAIL)

Dec 08 10:40:07 socket  debug   server.lua: accepted new client connection from [hidden]:34198 to 5222
Dec 08 10:40:07 c2s18bb2f0      info    Client connected
Dec 08 10:40:07 c2s18bb2f0      debug   Client sent opening <stream:stream> to [hidden]
Dec 08 10:40:07 c2s18bb2f0      debug   Sent reply <stream:stream> to client
Dec 08 10:40:07 c2s18bb2f0      debug   Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Dec 08 10:40:07 socket  debug   server.lua: we need to do tls, but delaying until send buffer empty
Dec 08 10:40:07 c2s18bb2f0      debug   TLS negotiation started for c2s_unauthed...
Dec 08 10:40:07 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x18b7a78
Dec 08 10:40:08 socket  debug   server.lua: ssl handshake done
Dec 08 10:40:08 c2s18bb2f0      debug   Client sent opening <stream:stream> to [hidden]
Dec 08 10:40:08 c2s18bb2f0      debug   Sent reply <stream:stream> to client
Dec 08 10:40:08 c2s18bb2f0      debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:40:08 [hidden]:auth_dovecot    debug   sending "AUTH   2       PLAIN   service=xmpp    resp=[hiddenpasswordhash]" 
Dec 08 10:40:13 [hidden]:auth_dovecot    debug   received "FAIL  2       user=[hiddenuser]@[hiddendomain]" 
Dec 08 10:40:13 [hidden]:saslauth        debug   sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure>

Pidgin login attempt (Success)

Dec 08 10:41:26 socket  debug   server.lua: accepted new client connection from [hidden]:49736 to 5222
Dec 08 10:41:26 c2s1773420      info    Client connected
Dec 08 10:41:26 c2s1773420      debug   Client sent opening <stream:stream> to [hidden]
Dec 08 10:41:26 c2s1773420      debug   Sent reply <stream:stream> to client
Dec 08 10:41:27 c2s1773420      debug   Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Dec 08 10:41:27 socket  debug   server.lua: we need to do tls, but delaying until send buffer empty
Dec 08 10:41:27 c2s1773420      debug   TLS negotiation started for c2s_unauthed...
Dec 08 10:41:27 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x1859758
Dec 08 10:41:28 socket  debug   server.lua: ssl handshake done
Dec 08 10:41:29 c2s1773420      debug   Client sent opening <stream:stream> to [hidden]
Dec 08 10:41:29 c2s1773420      debug   Sent reply <stream:stream> to client
Dec 08 10:41:30 c2s1773420      debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' http://www.google.com/talk/protocol/authclient-uses-full-bind-result='true' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:41:30 [hidden]:auth_dovecot    debug   sending "AUTH   3       PLAIN   service=xmpp    resp=[hiddenpasswordhash]" 
Dec 08 10:41:31 [hidden]:auth_dovecot    debug   received "OK    3       user=[hidden]@[hiddendomain]       home=/var/mail/vmail
Dec 08 10:41:31 c2s1773420      info    Authenticated as [hiddenuser]@[hiddendomain]
Dec 08 10:41:31 [hidden]:saslauth        debug   sasl reply: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>

Also, when "no_tlsv1" is present in prosody.cfg.lua, ChatSecure logins fail with "Client disconnected: ssl handshake failed".
