Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ejabberd 14.07
    • Fix Version/s: ejabberd 14.12
    • Component/s: Crypto, s2s
    • Labels:
    • Environment:
      Debian GNU/Linux 7.7 (wheezy)
      OpenSSL 1.0.1e 11 Feb 2013

      Description

      On occasion (seems to be non-deterministic) when I restart ejabberd it fails to respect my s2s_ciphers list. I have checked and there are no errors in the list or ciphers that OpenSSL does not support. When this happens if I scan my server for s2s ciphers (using openssl s_client or xmpp.net) I can verify that the cipher list it is using is the list from my regular `ciphers` line (NOT the default list).

      Restarting ejabberd does not always fix the issue. Occasionally it happens, and occasionally when I restart it's fixed and the s2s_ciphers line is respected again. I can not find a way to force the issue to appear.

        Activity

        Hide
        holger Holger Weiß added a comment -

        Confirmed. I could probably provide a patch this evening.

        Show
        holger Holger Weiß added a comment - Confirmed. I could probably provide a patch this evening.
        Hide
        SamWhited Sam Whited added a comment -

        Fantastic; I'll look for your patch and rebuild then. Thanks!

        Show
        SamWhited Sam Whited added a comment - Fantastic; I'll look for your patch and rebuild then. Thanks!
        Hide
        holger Holger Weiß added a comment -
        Show
        holger Holger Weiß added a comment - There we go: https://github.com/processone/tls/pull/8

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development