Package: ejabberd
Version: 2.1.11-1
Severity: important
Tags: upstream

When a server-to-server (s2s) SSL connection cannot be established, there is no
configurable fallback or backoff that would try to use e.g. other parameters,
like a different set of offered cipher suites, or would even try without
encryption - if encryption has been configured to be optional for (outgoing)
s2s connections.

Furthermore, ejabberd fails to report the cause of the s2s connection failure in
a reasonable way; thus only an unspecific "remote-host-not-found" is returned to
the user, even though the plaintext part of a STARTTLS session could successfully
be performed.

Thus ejabberd should ensure that proper fallback is performed when encrypted
connections to as yet unknown hosts fail, and ensure reasonable diagnostics are
returned in the logfile to debug such issues.

Kind regards,
Benny Baumann

P.S.: By courtesy of #747453

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'stable'), (750, 'experimental'), (700, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ejabberd depends on:
ii  adduser                        3.113+nmu3
ii  debconf [debconf-2.0]          1.5.53
ii  erlang-asn1                    1:17.0-dfsg-1
ii  erlang-base [erlang-abi-15.b]  1:17.0-dfsg-1
ii  erlang-crypto                  1:17.0-dfsg-1
ii  erlang-inets                   1:17.0-dfsg-1
ii  erlang-mnesia                  1:17.0-dfsg-1
ii  erlang-odbc                    1:17.0-dfsg-1
ii  erlang-public-key              1:17.0-dfsg-1
ii  erlang-ssl                     1:17.0-dfsg-1
ii  erlang-syntax-tools            1:17.0-dfsg-1
ii  libc6                          2.18-5
ii  libexpat1                      2.1.0-4
ii  libpam0g                       1.1.8-3
ii  libssl1.0.0                    1.0.1g-3
ii  openssl                        1.0.1g-3
ii  ucf                            3.0028
ii  zlib1g                         1:1.2.8.dfsg-1

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
ii  imagemagick          8:6.7.7.10+dfsg-1
ii  libunix-syslog-perl  1.1-2+b3

-- debconf information excluded

