Prosody 0.9.3 + Miranda IM SSL problem

iw3...@gmail.com

Mar 11, 2014, 7:48:00 AM
to prosod...@googlegroups.com
I had Prosody 0.8.3 and used it with Miranda IM (latest version) with a TLS connection.

I updated to prosody 0.9.3 and I'm not able to use TLS with Miranda.

The debug log says:  server.lua: ssl handshake error: no shared cipher

Inspecting the connection using Wireshark, I see that Miranda asks for this list of ciphers:

Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)

I've also changed the prosody cipher config to:

ciphers = "ALL";

but this did not solve it.
Could anyone help me?


iw3...@gmail.com

Mar 12, 2014, 4:25:11 AM
to prosod...@googlegroups.com
I downgraded to 0.8.2 but the problem persists.
The difference is the Linux distro: previously it was Ubuntu 10.04, now 12.04.

Are there some global configurations about OpenSSL to check?

Thijs Alkemade

Mar 12, 2014, 5:50:09 AM
to prosod...@googlegroups.com
Of all of those, I would consider TLS_RSA_WITH_3DES_EDE_CBC_SHA the only
non-broken one, and even that one isn’t great (only 112 bits of security and very
slow). I’m betting this is on Windows XP, being the only OS out there that’s
still used without AES support. I would strongly suggest either updating your
OS or switching to a client that includes its own TLS library.

Anyway, you should be able to add this cipher to your cipher list. Don't use
"ALL", you'll get a lot of broken ones. A better solution would be:

ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!aNULL"

Make sure this setting is inside the relevant "ssl" block.

Thijs
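
Added example, not part of the thread: a small Python triage of the cipher suites in the quoted Wireshark capture, flagging weak primitives by name and suites whose authentication type does not match the server key. The `WEAK` table, the function names and the `server_key="RSA"` default are assumptions of this example; the thread does not say which key type the server certificate uses.

```python
import re

# The "Cipher Suite:" lines from the Wireshark capture quoted in the thread.
CLIENT_HELLO = """\
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)
"""

# Name fragments that mark a weak primitive (this table is the example's own).
WEAK = [
    ("EXPORT", "export-grade key size"),
    ("RC4", "RC4 stream cipher"),
    ("RC2", "RC2 block cipher"),
    ("_DES_CBC", "single DES, 56-bit key"),
    ("MD5", "MD5-based MAC"),
]
LINE = re.compile(r"Cipher Suite:\s+(TLS_\w+)\s+\(0x([0-9a-fA-F]{4})\)")

def parse_suites(text):
    """Return (name, code) pairs from Wireshark 'Cipher Suite:' lines."""
    return [(m.group(1), int(m.group(2), 16)) for m in LINE.finditer(text)]

def classify(name, server_key="RSA"):
    """List the reasons a suite is weak or unusable; an empty list means neither."""
    reasons = [why for tag, why in WEAK if tag in name]
    # The part before _WITH_ names key exchange and authentication.
    # Only RSA and DSS authentication occur in this capture.
    needed = "DSA" if "DSS" in name.split("_WITH_")[0] else "RSA"
    if needed != server_key:  # server_key is an assumption, not from the thread
        reasons.append(f"needs a {needed} server certificate")
    return reasons

def usable(text, server_key="RSA"):
    """Names of offered suites with no weakness flag and a matching key type."""
    return [n for n, _ in parse_suites(text) if not classify(n, server_key)]

if __name__ == "__main__":
    for name, code in parse_suites(CLIENT_HELLO):
        print(f"0x{code:04x} {name}: {', '.join(classify(name)) or 'ok'}")
    print("usable with an RSA certificate:", usable(CLIENT_HELLO))
```

Whether the server actually enables the remaining suite depends on the OpenSSL build and the `ciphers` string in effect, which this name-based check does not inspect.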


iw3...@gmail.com

Mar 12, 2014, 9:50:43 AM
to prosod...@googlegroups.com

Hi! Thanks for the reply.
Your suggestion about the ciphers string doesn't solve the problem.

The error is always:  socket  debug   ssl handshake error: no shared cipher

Unfortunately I can't change the IM client (Miranda) or the OS (XP).
The traffic is within the intranet, so I'm not worried about poor encryption.

The strange thing is that prosody 0.8.2 on Ubuntu 10.04 worked for years. Now prosody 0.8.2 on Ubuntu 12.04
doesn't work. So I think the problem is in some OS setting. The prosody config file and prosody version are the same....
 