The ejabberd server I'm configuring has the following configuration for certfiles and for the port 5222. Gajim, Psi and Pidgin can connect fine. Conversations cannot. There's some stream error.
ejabberd's log shows
2021-07-15 16:15:01.459 [info] <0.381.0>@ejabberd_listener:accept:273 (<0.649.0>) Accepted connection 88.88.88.72:65069 -> 192.168.7.5:5222```
For Gajim, besides a line like the one above, it has two more when opening the connection:
2021-07-15 16:16:10.465 [info] <0.651.0>@ejabberd_c2s:process_auth_result:268 (tls|<0.651.0>) Accepted c2s SCRAM-SHA-256 authentication for test1@myserver by mnesia backend from 88.88.88.72
2021-07-15 16:16:10.550 [info] <0.651.0>@ejabberd_c2s:bind:442 (tls|<0.651.0>) Opened c2s session for test1@myserver/gajim.W2AAA7JO
Part of the ejabberd's config file is:
certfiles:
- "/usr/local/etc/ejabberd/certs/myserver.pem"
- "/usr/local/etc/ejabberd/certs/myserver.key"
listen:
-
port: 5222
ip: "192.168.7.5"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
tls: true
starttls: true
starttls_required: true
protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
dhfile:
"/usr/local/etc/ejabberd/certs/c2s_dh2048.pem"
I've also tried commenting out the ciphers
and no_ssl*
, no_tls*
but to no avail.
The ejabberd server is running not at the gateway but in a LAN location with port forwarding enabled.
What is wrong between Conversations and ejabberd?
Those options are mutually exclusive.
starttls
is usually set at port 5222, andtls
at port 5223.And looking at the tls option documentation:
So, you enabled
tls
on port 5222, which is a bad idea... together withstarttls
, which is another bad idea.Simply, set
tls
to false or remove that line.