so, i checked my configuration, but i am stuck, no ideas anymore what is missing or wrong.
that's the software i am using. jabberd2 from unstable and openssl from testing (debian)

# dpkg --list jabberd2 openssl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                           Version              Architecture         Description
+++-==============================-====================-====================-==================================================================
ii  jabberd2                       2.3.3-2              amd64                Jabber instant messenger server
ii  openssl                        1.0.2a-1             amd64                Secure Sockets Layer toolkit - cryptographic utility

only c2s.xml and sm.xml are changed, the rest of the configuration is unchanged.

# diff c2s.xml.dpkg-dist c2s.xml
141c141,144 < <id register-enable='mu'>localhost.localdomain</id> --- > <id realm='' > pemfile='/etc/ssl/private/xmpp.guuk.eu.pem' > require-starttls='yes' > >guuk.eu</id> 373c376 < <module>sqlite</module> --- > <module>pam</module>

# diff sm.xml.dpkg-dist sm.xml
79c79 < <id>localhost.localdomain</id> --- > <id>guuk.eu</id> 93c93 < <driver>sqlite</driver> --- > <driver>fs</driver>

here is concatenation of my PEM file

# cat /etc/ssl/certs/xmpp.guuk.eu.crt /etc/ssl/private/xmpp.guuk.eu.key /etc/ssl/certs/sub.class2.server.ca.pem /etc/ssl/certs/ca.pem > /etc/ssl/private/xmpp.guuk.eu.pem

the log file of c2s, as you can see, yaxim is able to connect the server using TLS

# tail -f /var/log/jabberd2/c2s.log
Sat May 9 10:48:23 2015 [notice] starting up
Sat May 9 10:48:23 2015 [info] process id is 12710, written to /var/run/jabberd2/c2s.pid
Sat May 9 10:48:23 2015 [notice] modules search path: /usr/lib/x86_64-linux-gnu/jabberd2
Sat May 9 10:48:23 2015 [info] loading 'pam' authreg module
Sat May 9 10:48:23 2015 [notice] initialized auth module 'pam'
Sat May 9 10:48:23 2015 [notice] [guuk.eu] configured; realm=, registration disabled, using PEM:/etc/ssl/private/xmpp.guuk.eu.pem
Sat May 9 10:48:23 2015 [notice] attempting connection to router at 127.0.0.1, port=5347
Sat May 9 10:48:23 2015 [notice] connection to router established
Sat May 9 10:48:23 2015 [notice] [0.0.0.0, port=5222] listening for connections
Sat May 9 10:48:23 2015 [notice] ready for connections
Sat May 9 10:48:38 2015 [notice] [7] [192.168.178.7, port=50074] connect
Sat May 9 10:48:39 2015 [notice] [7] PLAIN authentication succeeded: m...@guuk.eu 192.168.178.7:50074 TLS
Sat May 9 10:48:39 2015 [notice] [7] bound: jid=m...@guuk.eu/yaxim.492DDC63

and here is the openssl command which gets stuck after the CONNECTED message.

# openssl s_client -CApath /etc/ssl/certs -starttls xmpp -connect xmpp.guuk.eu:5222
CONNECTED(00000003)
^C

i am lost :) any ideas?

thanks in advance and greetings
-mog
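
Review bot: in the c2s.xml change at 141c141,144 the served domain becomes guuk.eu (`>guuk.eu</id>`), while the s_client test connects to xmpp.guuk.eu, so it is worth confirming which domain that test client names in its opening stream header; the yaxim session that works binds as a ...@guuk.eu JID. Separately, the 373c376 switch to `<module>pam</module>` means the PLAIN logins seen in c2s.log carry passwords that are checked through PAM, so `require-starttls='yes'` on this id should stay, and a short comment in c2s.xml saying why would help whoever edits it next.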
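
An added example, not part of the original post: a small probe that walks the cleartext XMPP STARTTLS steps by hand with a timeout on each read, to show which step stalls when a test client prints only CONNECTED. The function names, the `domain` parameter and the stage labels are assumptions of this example.

```python
import socket
import sys

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

def _read_until(sock, markers, limit=65536):
    """Read until one of `markers` shows up; return (text, marker or None)."""
    buf = b""
    try:
        while len(buf) < limit:
            chunk = sock.recv(4096)
            if not chunk:              # peer closed the connection
                break
            buf += chunk
            text = buf.decode("utf-8", "replace")
            for marker in markers:
                if marker in text:
                    return text, marker
    except socket.timeout:             # nothing arrived: the stalled case
        pass
    return buf.decode("utf-8", "replace"), None

def probe_starttls(host, port, domain, timeout=5.0):
    """Return (stage, raw_reply), where stage names the step reached."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        # `to` carries the XMPP domain (the <id> in c2s.xml), which may
        # differ from the DNS name the TCP connection is made to.
        s.sendall(("<?xml version='1.0'?><stream:stream to='%s' "
                   "xmlns='jabber:client' "
                   "xmlns:stream='http://etherx.jabber.org/streams' "
                   "version='1.0'>" % domain).encode())
        text, hit = _read_until(s, ["</stream:features>", "</stream:error>"])
        if hit is None:
            return "no-features", text
        if hit == "</stream:error>":
            return "stream-error", text
        if NS_TLS not in text:         # matches either quoting style
            return "starttls-not-offered", text
        s.sendall(("<starttls xmlns='%s'/>" % NS_TLS).encode())
        text, hit = _read_until(s, ["<proceed", "<failure"])
        if hit == "<proceed":
            return "proceed", text     # a TLS handshake would start here
        return ("tls-failure" if hit else "no-proceed"), text

if __name__ == "__main__":
    # usage: probe.py <host> <port> <xmpp-domain>
    stage, reply = probe_starttls(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    print(stage)
    print(reply)
```

Running it once with the server's DNS name as the domain and once with the configured id shows whether the server answers differently for the two, and the raw reply shows exactly what the server sent before the stall.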