lovetox: could be argued that this does not count for the initial stream opening
flow: isn't it between elements
flow: because there is no preceding element?
lovetox: yeah, it's the response to my stream opening
flow: and it's the very first stream opening?
lovetox: yes
lovetox: see my paste
Kev: "Gajim aborts, because in stream initiation it expects the streamheader on the first recv()"
That's certainly not valid, there's no guarantee that you'll receive the whole header at once.
Kev: Even without whitespace oddities.
flow: but anyhow I wouldn't be so pedantic in this case and simply take care of the whitespace
lovetox: yeah of course, it's just weird, there is really no need to send only a whitespace
flow: and, as Kev correctly points out, you have to be able to reassemble the XML open tag (or later elements) from multiple recv calls
flow: yep, I am curious to hear the backstory behind that whitespace
lovetox: yeah that's no problem, if there is actually an open tag
lovetox: probably misconfigured stuff somewhere, but anyway i have to deal with it :/
Kev: Without checking the specs, I remember something about whitespace not being valid at the top level, but I might misremember.
lovetox: Kev, no should be valid at top level
lovetox: just not in tls and sasl negotiation
Kev: I'm certainly not in a position to argue with that :)
lovetox: i just read the section flow posted ^^
Kev: I missed that. It's still early :)
Alex: in the very old days some clients sent a whitespace after upgrade to tls, because some SSL libs were not upgrading to tls without a flush
lovetox: ok the backstory is an nginx that runs on 5222 and only supports directtls and expects SNI hostname set
lovetox: and if you connect plain there, it just sends you endless whitespace because it can't route the traffic to the xmpp server
lovetox: how does srv need to be set so a server only supports directtls?
lovetox: only setting xmpps-client?
Zash: and _xmpp-client in srv 0 0 0 .
Zash: probably
Alex: the spec says that xmpps is the preference
Alex:
```
STARTTLS MUST NOT be used over direct TLS connections.
```
zinid: lovetox, there is no way to support directtls only I guess, because a client will fall back to A address with starttls anyways
lovetox: hm just not answering on port 5222 is a start i guess
lovetox: only answer on 5223 which should be a direct tls port
zinid: yes, this will work as long as a client supports directtls and _xmpps-client records
Alex: yes, many clients still don't support them
Alex: let's force them to upgrade 😜
lovetox: obviously this is not a generic public open server
Link Mauve: zinid, you shouldn’t fall back if your SRV points to . like Zash said.
zinid: ah
lovetox: yeah Gajim also doesn't do a fallback
lovetox: only fallback is xmpps to xmpp
lovetox: and if no srv entries are available whatsoever