Il 13/02/2013 19:00, Dave Cridland ha scritto:
On 13 Feb 2013 16:38, "Marco Cirillo" <[email protected] <mailto:[email protected]>> wrote:> Just figured I would let you know, >> I'm experiencing very slow s2s communication establishments torward jabber.org <http://jabber.org>, it doesn't seem due to latency or other congestion factors.Well, that's curious.I'd note that your certificate appears to have a CN=*.lightwitch.org <http://lightwitch.org>, but my server at least rejects the subdomains, so I suspect there's sRVName and/or xmppAddress SANs which don't cover these. M-Link (correctly) ignores commonName RDNs if SANs exist. That said, lightwitch.org <http://lightwitch.org> itself should be working fine; and appears to be from my server at least.M-Link doesn't reuse a connection opened for verification, which'd explain the two reverse connections, so it'll open a connection for verification then a reverse path.As for why it's taking so long, it could be almost anything - usually I'd expect this to be something along the lines of an unreachable highest pref server - could be that it's trying and failing to reach your IPv6 address, possibly? I note that from my network, latency to the IPv6 address is twice that of IPv4 currently (both quite high).Dave.
Thanks for the response,The server listens on both v4 and v6, the latency on the ipv6 address is bound to be higher as it's still using a tunnelled connection, although it's reacheable from my end.
So, no idea on the above...For what regards the cert, it does have a wildcard as both the CN and SAN, plus lightwitch.org as SAN. So I'm puzzled as well why it fails, on lightwitch.org at least.
Marco.
smime.p7s
Description: Firma crittografica S/MIME
