FreeBSD 10.2, jabberd2 version (2.3.6)

I'm using mysql to hold the usernames and passwords. I have verified that they are in the database by doing a select *. The usernames in the mysql database are in plain text.

I am setting up jabberd2 for a private messaging service, and thus don't want users registering themselves, hence I used mysql because that allows me to maintain all the accounts by logging into the server. The PEM file is self-signed. I have not loaded s2s since I don't want to link this to other XMPP servers. I am not using port 5223 since I need no backwards compatibility. I want to use TLS via starttls. I am using profanity to test the jabberd2 server while logged into the server rather than over the internet. [Profanity is an XMPP client that doesn't need a GUI.]

Relevant portions of c2s.xml:

<id realm="MYDOMAIN>COM"
    permfile="/usr/local/etc/jabberd/jabber.pem"
    ciphers="TLSv1.2, TLSv1.0"
    require-starttls='true'
    register-enable='false'
    password-change='false'
>MYDOMAIN.COM</id>

<!--
<ssl-port>5223</ssl-port>
-->

<!-- Authentication/registration database configuration -->
<authreg>
  <!-- Dynamic authreg modules path -->
  <path>/usr/local/lib/jabberd</path>

  <!-- Backend module to use -->
  <module>mysql</module>

  <!-- Available authentication mechanisms -->
  <mechanisms>

    <!-- These are the traditional Jabber authentication mechanisms.
         Comment out any that you don't want to be offered to clients.
         Note that if the auth/reg module does not support one of
         these mechanisms, then it will not be offered regardless of
         whether or not it is enabled here. -->
    <!--
    <traditional>
      <plain/>
      <digest/>
    </traditional>
    -->

    <!-- SASL authentication mechanisms. Comment out any that you
         don't want to be offered to clients. Again, if the auth/reg
         module does not support one of these mechanisms, then it will
         not be offered. -->
    <sasl>
      <!-- <plain/> -->
      <!-- <digest-md5/> -->
      <!--
      <anonymous/>
      <gssapi/>
      -->
    </sasl>

  </mechanisms>

  <!-- Additional mechanisms that are also available when the
       connection is encrypted. Ie. when START-TLS had been
       negotiated, or user connected on SSL-wrapped port.
  -->
  <ssl-mechanisms>
    <!-- it's advisable that you disable plain in the above <mechanisms/> section -->
    <traditional>
      <plain/>
    </traditional>

    <sasl>
      <plain/>
      <external/>
    </sasl>

  </ssl-mechanisms>

What follows is the debug output once the program has initialized. That is, I ran jabberd -D and let the program settle, then tried to log in. I could supply more, but I'm trying to keep it relevant to the login session. The file is sanitized of private data, which should be obvious where applicable. I also wrapped the long lines.

-------------------------------------------------
C2S : sx (sx.c:115) freeing 5 env plugins
C2S : Mon May 2 01:08:12 2016 [notice] [7] [MYIP, port=43659] connect
C2S : Mon May 2 01:08:12 2016 c2s.c:563 accept action on fd 7
C2S : sx (sx.c:65) allocated new sx for 7
C2S : sx (server.c:260) doing server init for sx 7
C2S : sx (server.c:272) waiting for stream header
C2S : sx (server.c:275) tag 7 event 0 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May 2 01:08:12 2016 c2s.c:515 read action on fd 7
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03940
C2S : Mon May 2 01:08:12 2016 c2s.c:47 reading from 7
C2S : Mon May 2 01:08:12 2016 c2s.c:106 read 156 bytes
C2S : sx (io.c:231) passed 156 read bytes
C2S : sx (chain.c:93) calling io read chain
C2S : sx (io.c:255) decoded read data (156 bytes):
    <?xml version="1.0"?>
    <stream:stream to="MYDOMAIN.COM" xml:lang="en" version="1.0"
    xmlns="jabber:client"
    xmlns:stream="http://etherx.jabber.org/streams">
C2S : sx (server.c:126) stream request: to MYDOMAIN.COM from (null) version 1.0
C2S : sx (server.c:141) 7 state change from 0 to 1
C2S : sx (server.c:159) stream id is LONGRANDOM
C2S : Mon May 2 01:08:12 2016 ack.c:34 hacking ack namespace decl onto stream header
C2S : sx (server.c:202) prepared stream response:
    <?xml version='1.0'?>
    <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:client' from='MYDOMAIN.COM' version='1.0'
    id='LONGRANDOM'
    xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>
C2S : sx (io.c:271) tag 7 event 1 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:42 want write
C2S : Mon May 2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 250 bytes for writing:
    <?xml version='1.0'?>
    <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:client' from='MYDOMAIN.COM' version='1.0'
    id='LONGRANDOM'
    xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 250 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03970
C2S : Mon May 2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May 2 01:08:12 2016 c2s.c:117 250 bytes written
C2S : sx (server.c:29) stream established
C2S : sx (server.c:39) 7 state change from 1 to 3
C2S : sx (server.c:40) tag 7 event 4 data 0x0
C2S : sx (server.c:45) building features nad
C2S : sx (address.c:34) adding address feature
C2S : sx (sasl.c:260) ssl not established yet but the app requires it, not offering mechanisms
C2S : Mon May 2 01:08:12 2016 bind.c:38 not auth'd, offering auth and register
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May 2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 267 bytes for writing:
    <stream:features xmlns:stream='http://etherx.jabber.org/streams'><address
    xmlns='http://affinix.com/jabber/address'>MYIP</address><auth
    xmlns='http://jabber.org/features/iq-auth'/><register
    xmlns='http://jabber.org/features/iq-register'/></stream:features>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 267 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03970
C2S : Mon May 2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May 2 01:08:12 2016 c2s.c:117 267 bytes written
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May 2 01:08:12 2016 c2s.c:515 read action on fd 7
C2S : Mon May 2 01:08:12 2016 [notice] [7] got pre STARTTLS packet, dropping
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03970
C2S : Mon May 2 01:08:12 2016 c2s.c:47 reading from 7
C2S : Mon May 2 01:08:12 2016 c2s.c:106 read 176 bytes
C2S : sx (io.c:231) passed 176 read bytes
C2S : sx (chain.c:93) calling io read chain
C2S : sx (io.c:255) decoded read data (176 bytes):
    <iq id="_xmpp_auth1" type="set"><query
    xmlns="jabber:iq:auth"><username>SOMEUSER</username><password>PASSWORD</password>
    <resource>profanity</resource></query></iq>
C2S : sx (io.c:96) completed nad:
    <iq xmlns='jabber:client' type='set' id='_xmpp_auth1'><query
    xmlns='jabber:iq:auth'><username>SOMEUSER</username><password>PASSWORD</password>
    <resource>profanity</resource></query></iq>
C2S : sx (chain.c:119) calling nad read chain
C2S : sx (io.c:167) tag 7 event 6 data 0x2dd6da0
C2S : Mon May 2 01:08:12 2016 c2s.c:392 pre STARTTLS packet, dropping
C2S : sx (error.c:79) prepared error:
    <stream:error xmlns:stream='http://etherx.jabber.org/streams'>
    <policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>
    STARTTLS is required for this stream</text></stream:error>
C2S : sx (error.c:100) tag 7 event 1 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:42 want write
C2S : Mon May 2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 233 bytes for writing:
    <stream:error xmlns:stream='http://etherx.jabber.org/streams'><policy-violation
    xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text
    xmlns='urn:ietf:params:xml:ns:xmpp-streams'>
    STARTTLS is required for this stream</text></stream:error>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 233 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03be0
C2S : Mon May 2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May 2 01:08:12 2016 c2s.c:117 233 bytes written
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May 2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May 2 01:08:28 2016 c2s.c:515 read action on fd 7
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03a90
C2S : Mon May 2 01:08:28 2016 c2s.c:47 reading from 7
C2S : Mon May 2 01:08:28 2016 c2s.c:106 read 16 bytes
C2S : sx (io.c:231) passed 16 read bytes
C2S : sx (chain.c:93) calling io read chain
C2S : sx (io.c:255) decoded read data (16 bytes): </stream:stream>
C2S : sx (io.c:189) 7 state change from 3 to 5
C2S : sx (io.c:271) tag 7 event 1 data 0x0
C2S : Mon May 2 01:08:28 2016 c2s.c:42 want write
C2S : Mon May 2 01:08:28 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 16 bytes for writing: </stream:stream>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 16 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03be0
C2S : Mon May 2 01:08:28 2016 c2s.c:113 writing to 7
C2S : Mon May 2 01:08:28 2016 c2s.c:117 16 bytes written
C2S : Mon May 2 01:08:28 2016 [notice] [7] [MYIP, port=43659] disconnect jid=unbound, packets: 1, bytes: 348
C2S : sx (io.c:390) 7 state change from 5 to 6
C2S : sx (io.c:391) tag 7 event 7 data 0x0
C2S : Mon May 2 01:08:28 2016 c2s.c:534 close action on fd 7
C2S : sx (sx.c:82) freeing sx for 7
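
Added example, not part of the original post and not jabberd2 code: a Python check over the stream:features stanza the server wrote before TLS in the log above, showing that it carries no starttls element while still advertising legacy iq-auth, the step after which the client in the log sent jabber:iq:auth credentials on the unencrypted stream. The second stanza is a constructed sample, and the function and finding names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_IQ_AUTH = "http://jabber.org/features/iq-auth"
NS_IQ_REGISTER = "http://jabber.org/features/iq-register"

# Copied from the "encoding 267 bytes for writing" entry in the log above.
LOGGED_FEATURES = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<address xmlns='http://affinix.com/jabber/address'>MYIP</address>"
    "<auth xmlns='http://jabber.org/features/iq-auth'/>"
    "<register xmlns='http://jabber.org/features/iq-register'/>"
    "</stream:features>"
)

# Constructed sample: pre-TLS features that advertise mandatory STARTTLS only.
CONSTRUCTED_TLS_FEATURES = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    "</stream:features>"
)


def audit_plaintext_features(stanza):
    """Return findings for a <stream:features/> stanza sent before TLS."""
    root = ET.fromstring(stanza)
    findings = []
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    if starttls is None:
        findings.append("starttls-not-advertised")
    elif starttls.find(f"{{{NS_TLS}}}required") is None:
        findings.append("starttls-optional")
    # Credential-bearing features should not be offered on a cleartext stream.
    if root.find(f"{{{NS_IQ_AUTH}}}auth") is not None:
        findings.append("iq-auth-offered-in-cleartext")
    if root.find(f"{{{NS_IQ_REGISTER}}}register") is not None:
        findings.append("iq-register-offered-in-cleartext")
    mechs = root.find(f"{{{NS_SASL}}}mechanisms")
    if mechs is not None:
        names = [m.text for m in mechs.findall(f"{{{NS_SASL}}}mechanism")]
        if "PLAIN" in names:
            findings.append("sasl-plain-offered-in-cleartext")
    return findings


if __name__ == "__main__":
    for label, stanza in (("logged", LOGGED_FEATURES),
                          ("constructed", CONSTRUCTED_TLS_FEATURES)):
        print(label, audit_plaintext_features(stanza) or "ok")
```

The logged stanza yields three findings; the iq-register one appears even though the posted `<id>` element sets register-enable='false'.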