Gnu TLS/XMPP issues.

Peter Saint-Andre stpeter at
Tue Apr 8 23:01:50 EDT 2008

Jeremy Lawler wrote:

>  Sorry, you guys saw the log you see is much later.  

My apologies, I didn't read the previous log carefully.

> The problem was
>  originally occurring with the standard 5222/standard TLS.  I only
>  enabled "Old style" ssl support during debugging.
>  The results are the same either way.

Do you know which SASL mechanism was in use? There are many known
interoperability problems with DIGEST-MD5 (in fact, the IETF has taken
the unusual step of deprecating it even before they have developed a
replacement), but SASL PLAIN over TLS should work.

>  Also, if I turn crypto off, everything works flawlessly.

Clearly, that is sub-optimal. :)

>  I'm glad to hear it's not GnuTLS.  However, I don't even know where to
>  start from here.

Have you posted to the djabberd list about this? Also, have you tested
with any other XMPP servers, such as ejabberd, jabberd 1.x, jabberd 2.x,
Openfire, or Tigase? I have not seen problems with Pidgin or Adium
logins at the service (running ejabberd 1.1.3), which I help
to administer, nor have I heard about problems with other services
running on the open Internet. Therefore I suspect that the problem may
lie with djabberd.


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Devel mailing list