Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » XMPP and TLSv1/SSLv2/SSLv3 (XMPP stops working when TLSv1/SSLv2/SSLv3 disabled)
  •  
user901

Messages: 2
Karma: -1
Send a private message to this user
Hello,

I've found a bug in 8.4.2 version. If one disable TLSv1/SSLv2/SSLv3 in mailserver.cfg the XMPP server will stop functioning.

log:
[06/04/2015 14:03:55] FINE Connecting to WEBMAIL API on 127.0.0.1:4040 (com.kerio.im.connect.WebmailApi.login)
[06/04/2015 14:03:56] INFO Initializing external component failed (com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event): org.jabsorb.client.ClientError: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
	at com.kerio.lib.json.api.client.KJsonRpcSession.sendAndReceive(KJsonRpcSession.java:218)
	at com.kerio.im.connect.ApiClient$KJsonRpcSessionPrivate.sendAndReceive(ApiClient.java:79)
	at com.kerio.lib.json.api.client.KJsonRpcClient.processJsonRequest(KJsonRpcClient.java:156)
	at com.kerio.lib.json.api.client.KJsonRpcClient.invokeImpl(KJsonRpcClient.java:142)
	at com.kerio.lib.json.api.client.KJsonRpcClient.invoke(KJsonRpcClient.java:94)
	at $Proxy0.login(Unknown Source)
	at com.kerio.im.connect.WebmailApi.login(WebmailApi.java:111)
	at com.kerio.im.connect.ExtServiceImpl.<init>(ExtServiceImpl.java:51)
	at com.kerio.im.connect.ExtServiceFactoryImpl.getService(ExtServiceFactoryImpl.java:24)
	at com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event(StartServer.java:83)
	at com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event(StartServer.java:68)
	at com.kerio.im.core.Bus.publish(Bus.java:34)
	at com.kerio.im.core.remote.RemoteControl.messageReceived(RemoteControl.java:51)
	at com.kerio.im.tigase.ConnectComponent.processPacket(ConnectComponent.java:129)
	at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1350)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
	at com.kerio.lib.json.api.client.KJsonRpcSession.sendAndReceive(KJsonRpcSession.java:185)
	... 14 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
	... 22 more

[06/04/2015 14:03:56] WARNING Initializing external component failed, reason: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake (com.kerio.im.service.task.StartServer$LazyExtServiceLoader.event)
[06/04/2015 14:03:56] WARNING Performing IM service shutdown (com.kerio.im.core.Shutdown$ShutdownTask.run)


Enabling TLSv1 solves the problem but PCI DSS Compliance test will fail.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Bugs can be reported here: http://www.kerio.com/support/technical-support
Please include also details about your server configuration. This issue is related to operating system and Java version.
Previous Topic: copying lines from log files
Next Topic: UTTERLY bemused by SSL certs (CAcert.org)
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jul 20 22:39:06 CEST 2017

Total time taken to generate the page: 0.00362 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.