fcmxmppserverv2 icon indicating copy to clipboard operation
fcmxmppserverv2 copied to clipboard

Published 20 hours ago verified publisher icon carlosCharz

TLS initialization

Open eadrwlo opened this issue 6 years ago • 3 comments

Hi. Do you know how handshake a secure connection? I get this error when I tried do set config.setSecurityMode(SecurityMode.required); Exception in thread "main" org.jivesoftware.smack.SmackException$SecurityRequiredByClientException: SSL/TLS required by client but not supported by server

I know that Firebase do not support STARTTLS extension. So how to do it in the other way?

eadrwlo avatar Sep 10 '18 22:09 eadrwlo

Hi @eadrwlo I had the same pending task. I found out the same thing that firebase do not support STARTTLS extension. I currently have: config.setSecurityMode(SecurityMode.ifpossible);

I am sorry I cannot help you with that because I am still looking for the solution.

carlosCharz avatar Sep 11 '18 02:09 carlosCharz

So, Do you know, how it is possible our connection are not refused if we do not meet the below criteria(from FCM docs)??

The connection has two important requirements:

  • You must initiate a Transport Layer Security (TLS) connection. Note that FCM doesn't currently support the STARTTLS extension.

eadrwlo avatar Sep 11 '18 06:09 eadrwlo

I just noticed that if I connect to port 5235 (Production) packet goes over TLS. In other case If I use port 5236 (testing) packet are seen in TCP format. I have monitored it in the Wireshark. Moreover paramater SecurityMode.disabled or SecurityMode.ifpossible do not have any impact on this. Only if this param is set to SecurityMode.required I get this Exception (described in first post) and then probably server try to perform this STARTTLS procedure which is not supported. I suppose config.setSocketFactory(SSLSocketFactory.getDefault()); with the secure port 5235 do the job and handshake TLS is performed after XMPP initial stanzas exchange.

eadrwlo avatar Sep 11 '18 06:09 eadrwlo