## Basic information
- TDE version: R14.1.0 <!-- such as R14.0.12 - see tde-config -v -->
- Distribution: openSUSE Tumbleweed <!-- such as Debian Bullseye - see lsb_release -sd -->
- Hardware: amd64 <!-- amd64 / i386 / ppc64el / armhf / ... -->
## Description
Does not connect to an openfire xmpp server with the jabber protocol, when it is set up to use SSL.
When no SSL is used, it connects fine.
The error message which appears is:
"There was an error authenticating with the server: Login failed with unknown reason."
The server is currently supporting TLS v1.3 and v1.2, with STARTTLS encryption required.
## Steps to reproduce
1. Create a new account with Jabber protocol.
2. Uncheck "Allow plain-text password authentication".
3. Go online.
4. Error occurs.
Hi @vjalmr,
what applications are you using?
If you use Kopete, the option to use SSL should be left off, as per description text. If you do, it works fine. If you enable that checkbox, you get exactly the error you described.
The SSL option is left off. I have uploaded some images of my settings.
If I connect with another client, it works just fine.
If I disable encryption on the server, it works fine in Kopete - but that kind of defeats the purpose.
Old protocol and old servers required connection on a separate port to use SSL. The new protocol uses one port and the client uses StartTLS after connecting to turn on encryption. It is currently likely that all servers require the client to use StartTLS, so always force encryption.
The SSL switch is in case of using an old protocol and it is therefore not desirable to turn it on. Therefore, there is a description at the switch with an explanation of why not to turn this switch on.
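The STARTTLS negotiation described above (one port, a plain connection first, then the upgrade), as an added example that is not part of this thread or of Kopete's code: a Python probe that reports what a server on port 5222 advertises before and after the TLS upgrade, which helps separate a TLS failure from an authentication failure. The function names and the `SAMPLE` reply are constructed for illustration.

```python
import socket
import ssl
import xml.etree.ElementTree as ET

NS = {"stream": "http://etherx.jabber.org/streams",
      "tls": "urn:ietf:params:xml:ns:xmpp-tls",
      "sasl": "urn:ietf:params:xml:ns:xmpp-sasl"}

# Constructed sample of a server's first reply on port 5222 (not captured traffic).
SAMPLE = (b"<?xml version='1.0'?><stream:stream from='example.org' id='x1' "
          b"version='1.0' xmlns='jabber:client' "
          b"xmlns:stream='http://etherx.jabber.org/streams'><stream:features>"
          b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/>"
          b"</starttls></stream:features>")

def stream_header(domain):
    """Opening <stream:stream> tag a client sends (RFC 6120)."""
    return (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
            f"xmlns='jabber:client' xmlns:stream='{NS['stream']}'>").encode()

def parse_features(data):
    """Summarise the <stream:features> a server advertises."""
    root = ET.fromstring(data + b"</stream:stream>")  # close the open stream
    tls = root.find("stream:features/tls:starttls", NS)
    return {"starttls": tls is not None,
            "required": tls is not None and tls.find("tls:required", NS) is not None,
            "mechanisms": [m.text for m in root.iterfind(".//sasl:mechanism", NS)]}

def read_until(sock, marker):
    buf = b""
    while marker not in buf and (chunk := sock.recv(4096)):
        buf += chunk
    return buf

def probe(domain, host=None, port=5222):
    """Return (features before STARTTLS, TLS version, features after)."""
    with socket.create_connection((host or domain, port), timeout=10) as raw:
        raw.sendall(stream_header(domain))
        before = parse_features(read_until(raw, b"</stream:features>"))
        if not before["starttls"]:
            return before, None, None
        raw.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        if b"<proceed" not in read_until(raw, b"/>"):
            raise RuntimeError("server refused STARTTLS")
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            tls.sendall(stream_header(domain))  # the stream restarts inside TLS
            after = parse_features(read_until(tls, b"</stream:features>"))
            return before, tls.version(), after
```

`parse_features(SAMPLE)` runs offline; `probe("example.org")` needs network access to a real server and returns the SASL mechanisms offered once the stream is encrypted.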
@SlavekB: maybe it is time we change the description and add something like "(old protocol only)" in the checkbox text. What do you think?
Yes, it seems appropriate to change it so that it is not confusing. Perhaps the switch could be called: Use old protocol and SSL encryption
How about `Use old style SSL encryption protocol`?
I cannot use old style SSL encryption as it is disabled on the server.
The server uses standard port 5222 with STARTTLS with required encryption. It uses a certified SSL certificate for this, and supports TLS v1.3 and 1.2.
If I was to turn on the "Use old style SSL encryption protocol", I get the error: "SSL support could not be initialized for account xxx@xxx.com. This is most likely because the TQCA TLS plugin is not installed on your system."
But this should be irrelevant, as this service is disabled on the server.
I read this story and I think you misunderstood it. They are talking about changing the switch label.
Essentially it was said to leave this switch off
MicheleC referenced this issue 9 months ago
PR #55 changed the text and tooltip on that checkbox. IMO this issue can now be closed.
@SlavekB @vjalmr do you agree with that?
I do not agree. Changing the tooltip does not change the fact that connecting to a STARTTLS server on port 5222 with required encryption gives the error.
The SSL checkbox was never checked.
The only reason why I am mentioning SSL, is that the server has a certified SSL certificate.
Ah, I had not understood clearly where the problem was. Is there a specific server we can use for testing?
I have created a user:
tde-guest@romphousing.com
pass: guest
Let me know if there is anything I can do to assist.
I tried to connect with the above user/server using Kopete and trying various setups, but all failed (although I get asked about the server certificate, so some communication gets established).
I then decided to try connecting using gajim, but again I can't connect either (see screenshot).
Am I missing something/doing something not right?
This is strange. I can connect with gajim, pidgin, and several iOS apps.
I just connected with the test account with pidgin, no issues.
Tried pidgin too, I get "tde-guest@romphousing.com/ disconnected" and "Server closed the connection". Maybe you can share your settings in case I am using some different config?
In Pidgin:
- Basic
  - Protocol: XMPP
  - Username: tde-test
  - Domain: romphousing.com
  - Resource:
  - Password: guest
- Advanced
  - Connection security: Require Encryption
  - Allow plaintext auth over unencrypted streams: unchecked
  - Connect port: 5222
  - Connect server:
  - File transfer proxies:
  - BOSH URL:
- Proxy
  - Proxy type: Use global proxy settings
Ah! tde-test, not tde-guest (as per first post). Let me retest!
With tde-test, gajim and pidgin work fine. Kopete does not, so definitely something to look at. The comment under the "override default server configuration" gives a strong indication of why the connection does not work in Kopete.
Temporarily removing from R14.1.1 milestone, this may take a while to fix. But added to one of my todo lists.