Author Topic: Jabber SSL problem with jabber.ccc.de  (Read 14470 times)

0 Members and 1 Guest are viewing this topic.

Offline Chol

  • Newbie
  • *
  • Posts: 18
Jabber SSL problem with jabber.ccc.de
« Reply #15 on: 12 11 2015, 18:13:29 »
According to http://blog.edgecloud.com/post/19519955133/ssl-certificate-chain-order-matters the own (= jabber server) certificate should be the first one, followed by its signer.

If I check the chain of my server:
Code: [Select]
$ openssl s_client -connect jabber.ccc.de:5222 </dev/null -starttls xmpp
---
Certificate chain
 0 s:/C=DE/ST=Hamburg/L=Hamburg/O=Chaos Computer Club e.V./CN=jabber.ccc.de
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
---
Everything looks correct to me. First one with id 0 is the jabber server certificate, second with id 1 is the signer (= root ca).
 

Offline ghazan

Jabber SSL problem with jabber.ccc.de
« Reply #16 on: 12 11 2015, 18:23:20 »
no, intermediate certificate must go first (either it's missing)
that's what sslshopper says

at least you will get this error until sslshopper won't go green
 

Offline Chol

  • Newbie
  • *
  • Posts: 18
Jabber SSL problem with jabber.ccc.de
« Reply #17 on: 12 11 2015, 18:49:56 »
There is no intermediate certificate required, as the server certificate is direcly signed by the root CA. For example https://www.sslshopper.com/ssl-checker.html#hostname=verisign.org does the same.
I think the red arrow for jabber.ccc.de only indicates that the CAcert root certificate is not contained in standard web browsers / operating systems.
Pidgin for example seems to package some root certificates with their app for that reason: https://hg.pidgin.im/pidgin/main/file/b788e0305cc0/share/ca-certs
 

Offline ghazan

Jabber SSL problem with jabber.ccc.de
« Reply #18 on: 12 11 2015, 18:56:53 »
Chol,
have you tried to update root certificates on your machine?
 

Offline Chol

  • Newbie
  • *
  • Posts: 18
Jabber SSL problem with jabber.ccc.de
« Reply #19 on: 12 11 2015, 19:21:17 »
First I opened certmgr.msc and compared my installed CAcert root certificate with the certificate from the server response. They match.
Then I deleted the CAcert root certificate and also the OpenSSL.dll from Miranda plugins. Same error as initially. Then I re-added OpenSSL.dll (CAcert root certificate still missing) and Miranda works. So the installed certificates do not seem to matter.
 

Offline ghazan

Jabber SSL problem with jabber.ccc.de
« Reply #20 on: 12 11 2015, 20:58:19 »
under Windows 8 & 10 Miranda works ok with this site without any problems
so the problem is evidently in the old SSL provider in Windows 7
and I don't know what precisely is the problem, I only know that sites marked as red at sslshopper usually cause problems with the old SSL libraries
 

Offline unitwobble

  • Newbie
  • *
  • Posts: 22
Jabber SSL problem with jabber.ccc.de
« Reply #21 on: 12 11 2015, 21:47:33 »
Do you have any source for that information? I do not see fulgan.com listed anywhere on openssl.org

Page used to be at : https://www.openssl.org/community/binaries.html (Google cache still holds old page)
Now it is : https://wiki.openssl.org/index.php/Binaries
 

Offline AnrDaemon

Jabber SSL problem with jabber.ccc.de
« Reply #22 on: 14 11 2015, 06:46:11 »
Do you perhaps have SSL2 enabled in Internet Explorer settings? (Just a wild shot.)
 

Offline Chol

  • Newbie
  • *
  • Posts: 18
Jabber SSL problem with jabber.ccc.de
« Reply #23 on: 14 11 2015, 11:02:24 »
No, SSL2 and SSL3 are not checked.

By the way, since I enabled the OpenSSL plugin, Jabber works fine but Facebook does not work any more. It stalls in "Connecting" state. So I either can use Jabber or Facebook, but not both at the same time. :(
Here is my Facebook log with OpenSSL enabled:

Code: [Select]
[12:00:34 185C] [Facebook_1] *** GetMyAvatar
[12:00:34 185C] [Facebook_1] === Beginning SetStatus process
[12:00:34 1934] [Facebook_1] [14.11.2015] Using Facebook Protocol RM 0.2.11.4
[12:00:34 1934] [Facebook_1] *** Beginning SignOn process
[12:00:34 1934] [Facebook_1] *** Negotiating connection with Facebook
[12:00:34 1934] [Facebook_1]  >> Entering login()
[12:00:34 1934] [Facebook_1] @@@ Sending request to 'https://mbasic.facebook.com/profile.php?v=info'
[12:00:34 1934] [Facebook_1] Connection request to mbasic.facebook.com:443 (Flags 11)....
[12:00:35 1934] [Facebook_1] (000000000E970CC8) Connecting to server mbasic.facebook.com:443....
[12:00:35 1934] [Facebook_1] (000000000E970CC8) Connecting to ip [2a03:2880:f01c:20e:face:b00c:0:2]:443 ....
[12:00:35 1934] [Facebook_1] (972) Connected to mbasic.facebook.com:443
[12:00:35 1934] [Facebook_1] (972 mbasic.facebook.com) Starting SSL negotiation
[12:00:42 1934] [Facebook_1] (972 mbasic.facebook.com) SSL negotiation successful
[12:00:42 1934] [Facebook_1] @@@ Got response with code 302
[12:00:42 1934] [Facebook_1] @@@ Sending request to 'https://login.facebook.com/login.php?login_attempt=1'
[12:00:42 1934] [Facebook_1] Connection request to login.facebook.com:443 (Flags 11)....
[12:00:42 1934] [Facebook_1] (000000000E9CCC88) Connecting to server login.facebook.com:443....
[12:00:42 1934] [Facebook_1] (000000000E9CCC88) Connecting to ip [2a03:2880:f01c:20e:face:b00c:0:2]:443 ....
[12:00:42 1934] [Facebook_1] (828) Connected to login.facebook.com:443
[12:00:42 1934] [Facebook_1] (828 login.facebook.com) Starting SSL negotiation
[12:00:46 1934] [Facebook_1] (828 login.facebook.com) SSL negotiation successful
[12:00:46 1934] [Facebook_1] (000000000E9CCC88:828) Connection closed internal
[12:00:46 1934] [Facebook_1] (000000000E9CCC88:4294967295) Connection closed
[12:00:46 1934] [Facebook_1] @@@ Got response with code 302
[12:00:46 1934] [Facebook_1]     Got self user id: 123456789
[12:00:46 1934] [Facebook_1]  << Quitting login()
[12:00:46 1934] [Facebook_1]  >> Entering home()
[12:00:46 1934] [Facebook_1] @@@ Sending request to 'https://mbasic.facebook.com/editprofile.php?edit=current_city&type=basic'
[12:00:47 1934] [Facebook_1] @@@ Got response with code 200
[12:00:47 1934] [Facebook_1]     Got self dtsg
[12:00:47 1934] [Facebook_1] @@@ Sending request to 'https://mbasic.facebook.com/profile.php?v=info'
 

Offline Maniaxx

  • Newbie
  • *
  • Posts: 7
  • Country: de
Jabber SSL problem with jabber.ccc.de
« Reply #24 on: 14 11 2015, 19:55:04 »
I have the same problem on Win7-x86 (thanks for the workaround with OpenSSL plugin).
Just posting in case i can be of any help. I'm not using facebook plugin though.
« Last Edit: 14 11 2015, 19:56:38 by Maniaxx »
 

Offline AnrDaemon

Jabber SSL problem with jabber.ccc.de
« Reply #25 on: 15 11 2015, 06:02:35 »
No, SSL2 and SSL3 are not checked.
Can you please try enabling SSL3 ?
 

Offline Chol

  • Newbie
  • *
  • Posts: 18
Jabber SSL problem with jabber.ccc.de
« Reply #26 on: 15 11 2015, 08:47:26 »
Can you please try enabling SSL3 ?
The server does not support SSLv3, so that would lead to nothing.