[jitsi-users] Jisi Win7 refuses TLS handshake / cipher suite


#1

Hi there, I like to use Jitsi / SIP communicator to do XMPP video chats,
but struggled that the windows client is unable to login to my server.
While pidgin and Jitsi linux work fine, I don't get the Jitsi on Win7 to
successful login to my private XMPP server. The server is a prosody with
a A-class SSL setup
(https://xmpp.net/result.php?domain=plattform32.de&type=client).

The logfile mentions esp:

09:10:19.916 SCHWERWIEGEND: [64]

org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the
connection temporary javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
(full log available here: http://paste.plattform32.de/view/d94c2a80)

So it seems that the TLS handshake runs in trouble because we there
seems to be no overlaps in the cipher suites of Jitsi client and my server?
Do you see any way to modify the TLS/SSL on clientside on Win7 and the
shipped JRE?

regards,
Matthias


#2

Sorry for pushing this topic, but I'm wondering if nobody has similar
issues on Jitsi windows configuration?
Is it still true, that the setups for different OS ship with different
cipher suites?
(https://blog.thijsalkema.de/me/blog//blog/2013/09/02/the-state-of-tls-on-xmpp-3/)

Matthias

···

Am 21.12.2015 um 09:18 schrieb Matthias Meisser:

Hi there, I like to use Jitsi / SIP communicator to do XMPP video chats,
but struggled that the windows client is unable to login to my server.
While pidgin and Jitsi linux work fine, I don't get the Jitsi on Win7 to
successful login to my private XMPP server. The server is a prosody with
a A-class SSL setup
(https://xmpp.net/result.php?domain=plattform32.de&type=client).

The logfile mentions esp:

09:10:19.916 SCHWERWIEGEND: [64]

org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the
connection temporary javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
(full log available here: http://paste.plattform32.de/view/d94c2a80)

So it seems that the TLS handshake runs in trouble because we there
seems to be no overlaps in the cipher suites of Jitsi client and my server?
Do you see any way to modify the TLS/SSL on clientside on Win7 and the
shipped JRE?

regards,
Matthias

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

I have Win7 Prof 64bit and the nightly unstable build line, with the
sipped JRE, and I dont see this issue...

Can you create a test account on your server then I can try to connect
via TLS...

BR Florian

···

Am 23.12.2015 um 20:59 schrieb Matthias Meisser:

Sorry for pushing this topic, but I'm wondering if nobody has similar
issues on Jitsi windows configuration?
Is it still true, that the setups for different OS ship with different
cipher suites?
(https://blog.thijsalkema.de/me/blog//blog/2013/09/02/the-state-of-tls-on-xmpp-3/)

Matthias

Am 21.12.2015 um 09:18 schrieb Matthias Meisser:
http://lists.jitsi.org/mailman/listinfo/users


#4

Jitsi on Windows would use whatever the default settings of the embedded Java 8 are, same goes for OSX. Linux might be different as the distros might reorder/change settings of what OpenJDK uses by default.

After a quick glimpse to the xmpp cert check website, I'd guess that the chosen/enabled ECDHE suites on the server are too strong for Java 8.

Ingo

Freundliche Grüsse,
Ingo Bauersachs

-- sent from my mobile

···

On 24.12.2015, at 09:01, Matthias Meisser <mame-lists@plattform32.de> wrote:

Sorry for pushing this topic, but I'm wondering if nobody has similar
issues on Jitsi windows configuration?
Is it still true, that the setups for different OS ship with different
cipher suites?
(https://blog.thijsalkema.de/me/blog//blog/2013/09/02/the-state-of-tls-on-xmpp-3/)

Matthias

Am 21.12.2015 um 09:18 schrieb Matthias Meisser:
Hi there, I like to use Jitsi / SIP communicator to do XMPP video chats,
but struggled that the windows client is unable to login to my server.
While pidgin and Jitsi linux work fine, I don't get the Jitsi on Win7 to
successful login to my private XMPP server. The server is a prosody with
a A-class SSL setup
(https://xmpp.net/result.php?domain=plattform32.de&type=client).

The logfile mentions esp:

09:10:19.916 SCHWERWIEGEND: [64]

org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the
connection temporary javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
(full log available here: http://paste.plattform32.de/view/d94c2a80)

So it seems that the TLS handshake runs in trouble because we there
seems to be no overlaps in the cipher suites of Jitsi client and my server?
Do you see any way to modify the TLS/SSL on clientside on Win7 and the
shipped JRE?

regards,
Matthias

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users