tls-scan

StartTLS with XMPP does not work: Connection error

Open sebix opened this issue 1 year ago • 2 comments

It appears that the starttls for XMPP does not work:

./tls-scan --connect jabber.thehappy.de:5222 --starttls xmpp --cacert /etc/ssl/ca-bundle.pem 
[warn] Unable to parse nameserver address fe80::2283:f8ff:fe17:6760%wlp0s20f3
host: jabber.thehappy.de; ip: 195.201.240.90; error: Network; errormsg:                      Disconnected from the remote host
 pid: 182595 | ciphers: (0) |host-count: 1 |network-error: 0 |dns-errcount: 0 |remote-close-error: 1 |unknown-error: 0 |connect-error: 1 |timeout-error: 0 |tls-handshake: 0 |gross-tls-handshake: 0 |elapsed-time: 0.67609 secs

The connection to the service itself using plain openssl s_client works fine:

openssl s_client -connect jabber.thehappy.de:5222 --starttls xmpp

Same for jabber.ccc.de and other XMPP servers.

starttls with smtp also works.

Using the latest release 1.6.0

sebix, Mar 06 '25 21:03

Thanks @sebix for reporting this issue. I will try to get this fixed when I find some free cycles in between.

prbinu, Mar 08 '25 21:03

Thanks. I then used the tool testssl.sh, which works with XMPP's STARTTLS.

sebix, Mar 09 '25 07:03
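
Added example (not part of the issue thread and not tls-scan's code): the plaintext XMPP STARTTLS exchange from RFC 6120 that a scanner has to complete before it can send a TLS ClientHello, reporting the stage reached so a negotiation failure can be told apart from a TLS failure. The function names, the `example.org` domain and the stand-in server are constructed for illustration, and the code does not diagnose the failure reported above.

```python
import socket
import threading
from xml.sax.saxutils import quoteattr

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace (RFC 6120)

def read_until(sock, markers, limit=65536):
    """Read until a marker is seen; a remote close raises ConnectionError."""
    buf = b""
    while not any(m in buf for m in markers):
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError("closed or oversized reply: %r" % buf[-80:])
        buf += chunk
    return buf

def xmpp_starttls(sock, domain):
    """Plaintext steps before the TLS ClientHello; returns the stage reached."""
    sock.sendall(("<stream:stream to=%s version='1.0' xmlns='jabber:client' "
                  "xmlns:stream='http://etherx.jabber.org/streams'>"
                  % quoteattr(domain)).encode())
    feats = read_until(sock, [b"</stream:features>", b"</stream:error>"])
    if b"</stream:error>" in feats:
        return "stream-error"          # e.g. 'to' names a domain not hosted here
    if TLS_NS.encode() not in feats:
        return "no-starttls-offered"   # server never advertised the feature
    sock.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
    reply = read_until(sock, [b"<proceed", b"<failure"])
    return "proceed" if b"<proceed" in reply else "failure"

def fake_server(sock, hosted):
    """Constructed stand-in for a server hosting one domain (offline demo only)."""
    hdr = read_until(sock, [b"/streams'>"])
    if ("to=%s" % quoteattr(hosted)).encode() not in hdr:
        sock.sendall(b"<stream:stream><stream:error><host-unknown/></stream:error>")
    else:
        sock.sendall(("<stream:stream><stream:features><starttls xmlns='%s'/>"
                      "</stream:features>" % TLS_NS).encode())
        read_until(sock, [b"<starttls"])
        sock.sendall(("<proceed xmlns='%s'/>" % TLS_NS).encode())

def demo(domain, hosted="example.org"):
    client, server = socket.socketpair()  # constructed in-process connection
    t = threading.Thread(target=fake_server, args=(server, hosted))
    t.start()
    with client, server:
        stage = xmpp_starttls(client, domain)
    t.join()
    return stage
```

Only after `xmpp_starttls` returns `"proceed"` would the socket be handed to a TLS library, for instance `ssl.SSLContext.wrap_socket` with `server_hostname` set.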