gajim: failed to secure c2s connection: TLS failed:client renegotiations forbidden

[OneOfOne]

Environment

• ejabberd version: 18.06
• Erlang version: Erlang (SMP,ASYNC_THREADS,HIPE) (BEAM) emulator version 10.0.8
• OS: Linux (Arch)
• Installed from: distro package

Errors from error.log/crash.log

/var/log/ejabberd/ejabberd.log:

2018-09-21 19:39:28.115 [warning] <0.608.0>@ejabberd_c2s:process_terminated:289 (tls|<0.608.0>) Failed to secure c2s connection: TLS failed:client renegotiations forbidden

Bug description

Gajim can't connect and I get that error every time it tries to connect.

Other clients work fine.

[licaon-kter]

Gajim version 1.0.2 or newer right? What OpenSSL version?

[zinid]

Duplicate of #2607 ?

[OneOfOne]

Gajim: 1.0.3+4feac6311d8b
GTK+ Version: 3.24.1
PyGObject Version: 3.30.1
python-nbxmpp Version: 0.6.7
OpenSSL 1.1.1  11 Sep 2018

[OneOfOne]

@zinid no, I'm using letsencrypt.

[zinid]

OpenSSL 1.1.1

This ^^^
It's believed to be fixed in master and will appear in 18.09 (supposedly next week).

no, I'm using letsencrypt

TL;DR: this is related to TLSv1.3

[zinid]

@prefiks feel free to close the issue if you think it's already fixed.

[OneOfOne]

Is there a workaround I can use for now?

[zinid]

@OneOfOne you can compile ejabberd from master branch.

[zinid]

Or maybe just compiling fast_tls from master is enough.

[zinid]

@OneOfOne by the way, this is also a problem of Arch packages: current version of ejabberd doesn't work with openssl1.1.1, but the package manager ignores this. Worth reporting to the Arch bugtracker.

[OneOfOne]

Compiling fast_tls from master didn't work

[vermeeren]

For me compiling fast_tls from current master and copying the build dirs ebin and priv into /usr/lib/fast_tls-1.0.23, replacing the version from Arch ejabberd package, resolved the issue.

[arendtio]

@OneOfOne @melvinvermeeren Arch released 18.09 earlier this week, but I still see the errors mentioned above. Does the update improve/solve the situation for you? (btw. don't try to downgrade OpenSSL as it will break pacman)

[vermeeren]

@arendtio The upgrade to 18.09 seems to include the recent fast_tls improvements since the issue did not start occurring again after upgrade.

Current versions on server are ejabberd 18.09-1, openssl 1.1.1-1, openssl-1.0 1.0.2.p-1, the last is for GitLab/ruby2.3 so shouldn't be relevant. Daemon has been running since 2018-10-02 and everything is working fine.

In ejabberd.yml I have, besides valid cert setup and DH file, the following:

define_macro:
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "cipher_server_preference"
    - "no_compression"

For every listen component I have protocol_options: 'TLS_OPTIONS'. In addition to this I also set c2s_protocol_options and s2s_protocol_options to the same value, though I believe some of these are sort-of deprecated.

[arendtio]

@melvinvermeeren Thanks for the detailed description, but it seems my setup not so different (same ejabberd and OpenSSL version and I tried your config options), and yet some clients still have problems connecting. Do you mind if I am asking how you tried to trigger the issue on your server? The Arch version of Gajim doesn't seem to have the problem anymore (at least for me), but I have a few users with other clients.

One of the clients which trigger the issue on my server is Conversations Legacy. Also, some older versions of the 2.0 branch of Conversations seem to have problems too.

[vermeeren]

@arendtio I have not tested the current setup with anything besides Gajim on Arch Linux, in my case I host a very small XMPP node for personal use and a few friends.

What might be related is that, also on Arch Linux, Firefox cannot connect to the ejabberd web interface at all. For example https://mel.vin:5443/ gives a:

Secure Connection Failed

An error occurred during a connection to mel.vin:5443.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

With other browsers (Falkon, w3m) and tools like curl it does work properly, just like within Gajim (tried HTTPUpload). However, it could be there is a bug in ejabberd or fast_tls that in this case triggers on Firefox but in fact might be the same bug your older clients are experiencing, unless of course there is a bug in Firefox.

[arendtio]

At least I am not the only one with that Firefox Issue ;-) Currently, I am trying to clean up my config maybe that helps.

[zinid]

There is a commit in fast_tls repo which fixes your issue. You have to build fast_tls master branch manually and update. Or ask the maintainer of ejabberd in ArchLinux to do it.

[vermeeren]

@zinid applied this fix on my server, thanks.

[arendtio]

@zinid I can confirm the commit you mention seems to fix the client renegotiations forbidden warnings and some more clients seem to be able to connect again (looks like Conversations 2.x branch via Google Play). But there is another type of warnings I see a lot:

2018-10-06 16:57:18.489 [warning] <0.568.0>@ejabberd_c2s:process_terminated:280 (tls|<0.568.0>) Failed to secure c2s connection: TLS failed: SSL_do_handshake failed: error:14209175:SSL routines:tls_early_post_process_client_hello:inappropriate fallback

They seem to be triggered by connection attempts from Conversations Legacy clients. Those clients still cannot connect. Any ideas?

[alexara]

They seem to be triggered by connection attempts from Conversations Legacy clients. Those clients still cannot connect. Any ideas?

https://github.com/siacs/Conversations/commit/b6c5000d0146225d1b73726192df604623171cc5

Version 1.23.11
Fixed connection problems with TLS1.3 servers

[arendtio]

Thanks @alexara 👍 in fact, I was using f-droid which did not install the newest version :-/ , but with the newest version from the Play Store, Conversations Legacy can connect now too.

Is there a way to configure the server so that it can handle broken/outdated clients until most clients have been upgraded to compatible versions (like disabling TLS 1.3 for the time being, or even better something that lets modern clients still use TLS1.3)?

[zinid]

like disabling TLS 1.3 for the time being

Of course you can disable TLS 1.3: use no_tlsv1_3 protocol option.

[arendtio]

@zinid nice, that worked. I didn't expect it to, as it is not listed in the file which is linked in the documentation. From my perspective it looks like all clients can connect again 🥇

Let me sum up what I did for the workaround:

1. Replace the Arch version with the git version of fast_tls:

pacman -S rebar
git clone https://github.com/processone/fast_tls.git
cd fast_tls/
./configure
make
rsync -av priv/ /usr/lib/fast_tls-1.0.25/priv/
rsync -av ebin/ /usr/lib/fast_tls-1.0.25/ebin/
systemctl restart ejabberd

2. Configure ejabberd to not use TLS 1.3 for clients (protocol_options):

  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
    protocol_options:
      - "no_sslv2"
      - "no_tlsv1_3"

Thank you all for helping me through this. I hope this is useful for @OneOfOne too.

[zinid]

I think we can close this. There is enough info here to fix 18.09 and with the new release the issue will be resolved automatically.

[mbirth]

Same problem started to happen for me after I upgraded from Ubuntu 18.04 "bionic" to 18.10 "cosmic". Setting no_tlsv1_3 helped.

[mbirth]

HTTP uploads also didn't work from Conversations. Had to set no_tlsv1_3 for the https port as well.

[arendtio]

@mbirth Thanks for mentioning it. I was wondering the last few days why I got multiple reports of failed image transfers which worked just fine after client updates.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.