cm: is someone else getting the "insecure connection" dialogue in windows with 16.1? under linux everything works perfectly.
Darlan: cm, in Gajim?
Darlan: Oh, yes.
cm: yes
cm: but only under windows
Darlan: cm, what is the TLD of the XMPP server you use?
Darlan: TLD = Top Level Domain
cm: its a private xmpp server
cm: using tls 1.2
Link Mauve: cm, is your certificate correctly configured?
cm: yes. but it is self signed. works fine under linux.
Link Mauve: Have you tried with another profile?
cm: i could try another user
Link Mauve: Because self-signed certificates should always give you that warning, if you don’t explicitly accept it.
cm: i got the warning under linux. and did accept it there explicitly. but under windows i get only "insecure connection", where it says it would try to auth in plain text
cm: without any crypto
Link Mauve: oO
Link Mauve: Are you on Windows XP perhaps?
cm: so my guess was, that for some reasons the windows version can not talk tls1.2
cm: win7
Link Mauve: AFAIK this one shouldn’t have such issue.
cm: im not sure how to troubleshoot
cm: oh, i could check out server logs
Link Mauve: Yeah.
Link Mauve: Look at debug logs if they aren’t enabled already.
Link Mauve: Also, maybe launch gajim with -v.
cm: but still strange. since jitsi and pidgin are working fine
Link Mauve: It will log more things to stdout.
Link Mauve: They may use a different TLS stack than Gajim’s, dunno.
cm: i wonder, if "plaintext" auth should be even possible. tls should be required
Link Mauve: That’s my opinion as well.
cm: d
cm: would the output of the xml console be helpful to understanding the issue?
Link Mauve: Not really, but post it anyway so we can see if the server is actually offering STARTTLS.
Link Mauve: My guess is it does, since Pidgin and Jitsi have no problem.
cm: does that mean sth like "start tls and then send password plaintext"
Link Mauve: No, that’s it supports both STARTTLS and PLAIN over unencrypted. :x
Link Mauve: Ah, Ejabberd…
Link Mauve: You should look at disabling that offer for PLAIN.
Link Mauve: Really, nobody should ever propose any auth over unencrypted. :/
cm: i already added 'starttls_required', but i also deactivated tlsv1.1 for testing purposes, but im observer this says it is enabled :D
cm: IM Observer still says
cm: so wtf? :D
Link Mauve: Well, it doesn’t seem required here.
cm: so basically, ejabberd makes its own interpretation of the configs :)
Link Mauve: :/
cm: thats just wrong :D
cm: well, but the main question is, why does gajim choose plain, if the server says plain and tls is available
Link Mauve: Launch it with -v, and look at hints about it not upgrading to STARTTLS.
cm: gajim.exe -v doesnt do anything under windows
cm: or is it gajim /x
cm: nope
Link Mauve: I have no idea how to do that on Windows. :/
Link Mauve: Try launching it from a Python console?
0xAFFE: cm: there is %appdata%\Gajim and there you find gajim.exe.log and gajim.log
cm: found this:
cm: Error while TLS handshake:
Traceback (most recent call last):
File "c:\python27\lib\site-packages\nbxmpp\tls_nb.py", line 456, in _startSSL_pyOpenSSL
SysCallError: (10057, 'Socket is not connected')
cm: and a lot more. i dont want to spam it here. but looks like the tls handshake failed for some reason
cm: an OpenSSL.SSL.Error exception is caught
cm: it seems that it first tries tls, which fails for reasons i cannot understand from the logs, then it tries the obsolete ssl on 5223, which fails for obvious reason and then offers me plaintext auth.
Link Mauve: Makes sense.
Link Mauve: But this traceback shouldn’t happen.
Link Mauve: It’s at the “tcpsock._sslObj.do_handshake()” step.
Link Mauve: Thanks for investigating this, now I guess it’s Asterix’ turn to fix it.
cm: so its a bug?
Link Mauve: Probably, yeah.
Link Mauve: I can’t think of any workaround, or additional debug you could do, sorry.