[jitsi-users] jit.si federation


#1

Hello

So, I investigated the federation troubles a bit:

Some client and/or servers use elliptic curve cryptography which we didn't
support due to a bug in OpenJDK [1]. I applied the workaround suggested
there and now at least the logs are almost quiet. I also created an account
at comm.unicate.me and was able to authorize my jit.si account.

Openfire still complains from time to time about invalid packets received in
dialback responses (see the attachment). I'd say this is because ejabberd
tries to establish a TLS connection to deliver the dialback results. Bug
OF-443 (the SSL port number, how ironic) seems to be related [2].
I'm not sure whether Openfire chockes on this or just warns and some higher
level processes the result anyway. If anyone has a clue about dialback
validation in combination with STARTTLS, please step out.

I can't diagnose any further on jit.si without restarting the server a
couple of times more, and I apologize for the two restarts this evening.

Summarizing, I don't think we have something wrong in our configuration
(anymore). If it works for you now, it was the OpenJDK bug, if it still
doesn't work, I'm starting to blame either Openfire or ejabberd.

Regards,
Ingo

[1] https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
[2] http://issues.igniterealtime.org/browse/OF-443

fed-logs.txt (3.4 KB)


#2

Hey Ingo,

Did a few tests with a server that wasn't properly federating before
and it now works. Your changes seem to have done the job! Very nice
catch!

Thanks!
Emil

···

On Fri, Jul 19, 2013 at 11:03 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

Hello

So, I investigated the federation troubles a bit:

Some client and/or servers use elliptic curve cryptography which we didn't
support due to a bug in OpenJDK [1]. I applied the workaround suggested
there and now at least the logs are almost quiet. I also created an account
at comm.unicate.me and was able to authorize my jit.si account.

Openfire still complains from time to time about invalid packets received in
dialback responses (see the attachment). I'd say this is because ejabberd
tries to establish a TLS connection to deliver the dialback results. Bug
OF-443 (the SSL port number, how ironic) seems to be related [2].
I'm not sure whether Openfire chockes on this or just warns and some higher
level processes the result anyway. If anyone has a clue about dialback
validation in combination with STARTTLS, please step out.

I can't diagnose any further on jit.si without restarting the server a
couple of times more, and I apologize for the two restarts this evening.

Summarizing, I don't think we have something wrong in our configuration
(anymore). If it works for you now, it was the OpenJDK bug, if it still
doesn't work, I'm starting to blame either Openfire or ejabberd.

Regards,
Ingo

[1] https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
[2] http://issues.igniterealtime.org/browse/OF-443

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#3

Thank you very much, it works now, you have fixed it :smiley:

Also apologies about all the anger i might have caused.
- --
Yannik V�lker


#4

No problems on my end anymore!

Fantastic! Thank you so much! :slight_smile:

···

On 07/19/2013 at 11:05 PM, "Ingo Bauersachs" <ingo@jitsi.org> wrote:

Hello

So, I investigated the federation troubles a bit:

Some client and/or servers use elliptic curve cryptography which
we didn't
support due to a bug in OpenJDK [1]. I applied the workaround
suggested
there and now at least the logs are almost quiet. I also created
an account
at comm.unicate.me and was able to authorize my jit.si account.

Openfire still complains from time to time about invalid packets
received in
dialback responses (see the attachment). I'd say this is because
ejabberd
tries to establish a TLS connection to deliver the dialback
results. Bug
OF-443 (the SSL port number, how ironic) seems to be related [2].
I'm not sure whether Openfire chockes on this or just warns and
some higher
level processes the result anyway. If anyone has a clue about
dialback
validation in combination with STARTTLS, please step out.

I can't diagnose any further on jit.si without restarting the
server a
couple of times more, and I apologize for the two restarts this
evening.

Summarizing, I don't think we have something wrong in our
configuration
(anymore). If it works for you now, it was the OpenJDK bug, if it
still
doesn't work, I'm starting to blame either Openfire or ejabberd.

Regards,
Ingo

[1] https://bugs.launchpad.net/ubuntu/+source/openjdk-
6/+bug/1006776
[2] http://issues.igniterealtime.org/browse/OF-443