Package: ejabberd Version: 2.1.11-1 Severity: important Tags: upstream When a server-to-server (s2s) SSL connection cannot be established there is no fallback or backoff configurable that would try to use e.g. other parameters like different set of offered cipher suites or even would try without encryption - if encryption has been configured to be optional for (outgoing) s2s connections.
Furthermore ejabberd fails to report the cause of the s2s connection failure in a reasonable way thus only an unspecific "remote-host-not-found" is returned to the user even though the plaintext part of a STARTTLS session could successfully be performed. Thus ejabberd should ensure that proper fallback is performed when encrypted connections to yet unknown hosts fail and ensure reasonable diagnostics are returned in the logfile to debug such issues. Kind regards, Benny Baumann P.S.: By courtesy of #747453 -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (900, 'testing'), (800, 'stable'), (750, 'experimental'), (700, 'unstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ejabberd depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.53 ii erlang-asn1 1:17.0-dfsg-1 ii erlang-base [erlang-abi-15.b] 1:17.0-dfsg-1 ii erlang-crypto 1:17.0-dfsg-1 ii erlang-inets 1:17.0-dfsg-1 ii erlang-mnesia 1:17.0-dfsg-1 ii erlang-odbc 1:17.0-dfsg-1 ii erlang-public-key 1:17.0-dfsg-1 ii erlang-ssl 1:17.0-dfsg-1 ii erlang-syntax-tools 1:17.0-dfsg-1 ii libc6 2.18-5 ii libexpat1 2.1.0-4 ii libpam0g 1.1.8-3 ii libssl1.0.0 1.0.1g-3 ii openssl 1.0.1g-3 ii ucf 3.0028 ii zlib1g 1:1.2.8.dfsg-1 ejabberd recommends no packages. Versions of packages ejabberd suggests: ii imagemagick 8:6.7.7.10+dfsg-1 ii libunix-syslog-perl 1.1-2+b3 -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org