I have setup an ejabberd on one of our servers and have tried to connect to this server using IM+ on my mobile. The ejabberd is configured to require TLS encryption of login infomation (starttls_require).
IM+ fails to connect to this server when configured with 'Port: 5222, Use SSL: Disabled'.
Using tcpdump I found the following conversation:
- Code: Select all
<?xml version="1.0"?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="jabber.example.org">
<?xml version='1.0'?>
<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='2197909860' from='jabber.example.org' xml:lang='en'>
<stream:error>
<policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
<text xml:lang='' xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Use of STARTTLS required</text>
</stream:error>
</stream:stream>
<iq type="get" id="IM+Preauth">
<query xmlns="jabber:iq:auth">
<username>cluk</username>
</query>
</iq>
Afterwards the conversation stops, a few seconds later IM+ shows 'Connection failed' and tries to reconnect.
If ejabberd is configured without starttls_require, IM+ can connect but the credentials are sent as cleartext.
Does IM+ really support STARTTLS? How should it be configured?
Thanks for your help,
Christoph