XMPP Service Operators - 2023-09-18

  1. emus

    jabber.de seems to be back 👍 thanks for all the efforts

  2. Licaon_Kter

    But for good this time?

  3. MattJ

    Last update was that they upgraded to Postgres, so I hope so

  4. Guus

    Am I right to see that domain icebound.dev is (only) offering _non DirectTLS_ on port 5270 of host xmpp.icebound.dev?

  5. Guus

    I kind of expected 5270 to be used for directTLS / xmpps

  6. MattJ

    The SRV records say it should be starttls, not directtls

  7. MattJ

    So if that's what you're seeing, it sounds correct

  8. Guus

    Something funny is going on with that server - or at least with the s2s from our new network stack. On my side, upon connecting to it, it appears that it does send an open stream, but no features. I'm tempted to say that this is our new implementation hitting some kind of edge case - but can someone using any other server than Openfire try to set up s2s with icebound.dev - see if that works?

  9. MattJ

    Prosody doesn't like it: "Server-to-server connection failed: Error during negotiation of encrypted connection: closed"

  10. Guus

    ah! So maybe it's not me.

  11. Guus

    https://connect.xmpp.net/ seems to be happy enough with xmpp_server - but maybe that doesn't do much more than a connectivity check?

  12. MattJ

    It doesn't do much more than that, indeed

  13. emus

    MattJ, Guus: Sorry, anything I should report to them?

  14. Guus

    emus: no, thanks. I can use this to debug the error flow in my local server.

  15. emus


  16. emus

    thought was regarding jabber.de

  17. Guus


  18. Zash

    Guus, icebound.dev seems to be happy with elliptic curve crypto

  19. Zash

    As in ECDHE-ECDSA-AES256-GCM-SHA384 in both directions, which needs an EC private key/cert

  20. moparisthebest

    Smells like somebody read a tutorial on how to harden your cipher list

  21. Licaon_Kter

    The 404 school of "security" hosting?

  22. Lightning Bjornsson

    hm in some cases bad ciphers are better than no ciphers

  23. Lightning Bjornsson

    if the complexity of a break is no better than bruteforce

  24. moparisthebest

    Well it's true that the most secure server is one no one can connect to

  25. moparisthebest

    It's just that's not so useful to chat with