moparisthebest: (moving from other room) mellium, if there is no SRV, probes for possible direct TLS ports first, and tried 443 as one of those. So if anything at the A listens on 443 but isn't the XMPP server it hangs and never gets to the starttls port
moparisthebest
singpolyma: hehe so xmpp-proxy tries 443 as the default port too but has actual correct srv fallback behavior which can handle connecting to https :( that sounds like a bug
moparisthebest
Srv fallback is terrible and tricky and a lot of things get it wrong imho
singpolyma
I feel like if there's no SRV the by the spec behaviour is to not use direct TLS, but yeah, failing when there is a webserver confused me a lot
moparisthebest
It's wrong, a mitm attacker on the route before that server can redirect you to https and the cert will match, maybe the next record's path isn't controlled by that mitm
moparisthebest
No user ever wants to not connect to their server if connection is possible, therefore all srv records should be tried always (unless you get past auth, like it responds bad password for example)
singpolyma
In this case there's no SRV records at all
moparisthebest
Right but same thing really
moparisthebest
No user ever wants the application to hang forever either
moparisthebest
I treat no srv records the same as 3 srv records, first being starttls at the default port, second directtls at 443, third quic at 443
moparisthebest
ie, increasing levels of desperation 😅
Menel
I would throw in direct tls on 5223 before quic
Menel
By observation of real implementation
Menel
I would even say it is more common than on port 443
moparisthebest
Interesting, probably makes sense
MattJ
Also worth including 5223 if only due to https://support.apple.com/en-gb/HT203609
moparisthebest
Ha didn't know that either
ralphm
Yup, XMPP is everywhere. They even use Idavoll inside MacOS Server: https://ralphm.net/blog/2010/01/14/apple_uses_idavoll
moparisthebest
I knew they used XMPP just not port 5223
moparisthebest
Was 5223 in some pre-ietf spec?
moparisthebest
I can imagine 1999 ietf going "starttls all the things!!!!"
Zash
SSL on an alternate port was a thing before Jabber went through IETF afaik
Zash
which was 2002-2004 or so?
Zash
rfc3920 being published in 2004, so something like that
Zash
ah yeah, did this research once already: https://news.ycombinator.com/item?id=22207250
moparisthebest
Nice
wurstsalat
I invite you to add more software with xmpp context here https://xmpp.org/uses/ :)