Bug #6374
TLS authentication fail
| Status: | New | Start date: | 12/08/2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Component: | | | |
Description
Only when using ChatSecure, authentication over TLS fails. Below are the relevant parts of the debug log.
Server info
# prosodyctl about
Prosody 0.9.8
# Lua environment
Lua version: Lua 5.1
# Lua module versions
lfs: LuaFileSystem 1.6.2
lxp: LuaExpat 1.3.0
pposix: 0.3.6
socket: LuaSocket 3.0-rc1
ssl: 0.5.PR
Prosody SSL config
ssl = {
    key = "[hidden]";
    certificate = "[hidden]";
    dhparam = "[hidden]";
    ciphers = "HIGH+kEECDH:!HIGH+kEDH:HIGH:!CAMELLIA:!PSK:!SRP:!3DES:!aNULL";
    options = {
        "no_sslv2",
        "no_sslv3",
        "no_ticket",
        "no_compression",
        "cipher_server_preference",
        "single_dh_use",
        "single_ecdh_use"
    };
}
ChatSecure login attempt (FAIL)
Dec 08 10:40:07 socket debug server.lua: accepted new client connection from [hidden]:34198 to 5222
Dec 08 10:40:07 c2s18bb2f0 info Client connected
Dec 08 10:40:07 c2s18bb2f0 debug Client sent opening <stream:stream> to [hidden]
Dec 08 10:40:07 c2s18bb2f0 debug Sent reply <stream:stream> to client
Dec 08 10:40:07 c2s18bb2f0 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Dec 08 10:40:07 socket debug server.lua: we need to do tls, but delaying until send buffer empty
Dec 08 10:40:07 c2s18bb2f0 debug TLS negotiation started for c2s_unauthed...
Dec 08 10:40:07 socket debug server.lua: attempting to start tls on tcp{client}: 0x18b7a78
Dec 08 10:40:08 socket debug server.lua: ssl handshake done
Dec 08 10:40:08 c2s18bb2f0 debug Client sent opening <stream:stream> to [hidden]
Dec 08 10:40:08 c2s18bb2f0 debug Sent reply <stream:stream> to client
Dec 08 10:40:08 c2s18bb2f0 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:40:08 [hidden]:auth_dovecot debug sending "AUTH 2 PLAIN service=xmpp resp=[hiddenpasswordhash]"
Dec 08 10:40:13 [hidden]:auth_dovecot debug received "FAIL 2 user=[hiddenuser]@[hiddendomain]"
Dec 08 10:40:13 [hidden]:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you've sent.</text></failure>
Pidgin login attempt (Success)
Dec 08 10:41:26 socket debug server.lua: accepted new client connection from [hidden]:49736 to 5222
Dec 08 10:41:26 c2s1773420 info Client connected
Dec 08 10:41:26 c2s1773420 debug Client sent opening <stream:stream> to [hidden]
Dec 08 10:41:26 c2s1773420 debug Sent reply <stream:stream> to client
Dec 08 10:41:27 c2s1773420 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Dec 08 10:41:27 socket debug server.lua: we need to do tls, but delaying until send buffer empty
Dec 08 10:41:27 c2s1773420 debug TLS negotiation started for c2s_unauthed...
Dec 08 10:41:27 socket debug server.lua: attempting to start tls on tcp{client}: 0x1859758
Dec 08 10:41:28 socket debug server.lua: ssl handshake done
Dec 08 10:41:29 c2s1773420 debug Client sent opening <stream:stream> to [hidden]
Dec 08 10:41:29 c2s1773420 debug Sent reply <stream:stream> to client
Dec 08 10:41:30 c2s1773420 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' http://www.google.com/talk/protocol/authclient-uses-full-bind-result='true' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:41:30 [hidden]:auth_dovecot debug sending "AUTH 3 PLAIN service=xmpp resp=[hiddenpasswordhash]"
Dec 08 10:41:31 [hidden]:auth_dovecot debug received "OK 3 user=[hidden]@[hiddendomain] home=/var/mail/vmail
Dec 08 10:41:31 c2s1773420 info Authenticated as [hiddenuser]@[hiddendomain]
Dec 08 10:41:31 [hidden]:saslauth debug sasl reply: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>
Also, when "no_tlsv1" is present in prosody.cfg.lua, ChatSecure logins fail with "Client disconnected: ssl handshake failed".
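
A triage helper for logs like the ones above, added here as an example (it is not part of the original report and not Prosody code): for each c2s session it records whether the TLS handshake completed and what the auth_dovecot backend answered, which separates a failure after "ssl handshake done" from an "ssl handshake failed" disconnect. The sample lines are constructed, and the names `triage` and `failed_at` are hypothetical; attributing socket and auth_dovecot lines to the most recent c2s session is an assumption that only holds when logins are not interleaved.

```python
import re

# Constructed sample in the shape of the debug lines above; names are placeholders.
SAMPLE = """\
Dec 08 10:40:07 c2saaa info Client connected
Dec 08 10:40:08 socket debug server.lua: ssl handshake done
Dec 08 10:40:08 c2saaa debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:40:08 example.org:auth_dovecot debug sending "AUTH 2 PLAIN service=xmpp resp=[redacted]"
Dec 08 10:40:13 example.org:auth_dovecot debug received "FAIL 2 user=alice@example.org"
Dec 08 10:41:26 c2sbbb info Client connected
Dec 08 10:41:28 socket debug server.lua: ssl handshake done
Dec 08 10:41:30 c2sbbb debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 08 10:41:30 example.org:auth_dovecot debug sending "AUTH 3 PLAIN service=xmpp resp=[redacted]"
Dec 08 10:41:31 example.org:auth_dovecot debug received "OK 3 user=bob@example.org"
Dec 08 10:42:00 c2sccc info Client connected
Dec 08 10:42:01 c2sccc info Client disconnected: ssl handshake failed
"""
LINE = re.compile(r"^\w{3} \d\d (\d\d):(\d\d):(\d\d) (\S+)\s+\w+\s+(.*)$")
AUTH = re.compile(r'(sending "AUTH|received "(OK|FAIL)) (\d+)')

def failed_at(rec):
    """First stage the session did not get past (None = backend answered OK)."""
    if not rec["tls"]:
        return "tls-handshake"
    return None if rec["backend"] == "OK" else "sasl-auth"

def triage(log_text):
    """Return one record per c2s session found in a Prosody debug log."""
    # Assumption: logins are sequential, so 'socket' and 'auth_dovecot' lines
    # belong to the most recent c2s session seen.
    sessions, pending, cur = {}, {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        now = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        src, msg = m[4], m[5]
        if src.startswith("c2s"):
            cur = sessions.setdefault(src, dict(session=src, tls=False, mechanism=None, backend=None, backend_seconds=None))
            mech = re.search(r"<auth mechanism='([^']+)'", msg)
            cur["mechanism"] = mech[1] if mech else cur["mechanism"]
        elif cur and src == "socket" and "ssl handshake done" in msg:
            cur["tls"] = True
        elif cur and src.endswith(":auth_dovecot") and (a := AUTH.search(msg)):
            if a[2] is None:              # request: remember who asked and when
                pending[a[3]] = (cur, now)
            elif a[3] in pending:         # reply: match on the Dovecot request id
                rec, start = pending.pop(a[3])
                rec["backend"], rec["backend_seconds"] = a[2], (now - start) % 86400
    return [dict(rec, failed_at=failed_at(rec)) for rec in sessions.values()]
```

The `backend_seconds` field makes the gap between the AUTH request and its reply visible for each attempt.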