XMPP Service Operators - 2023-09-18

jabber.de seems to be back 👍 thanks for all the efforts

But for good this time?

Last update was that they upgraded to Postgres, so I hope so

Am I right to see that domain icebound.dev is (only) offering _non DirectTLS_ on port 5270 of host xmpp.icebound.dev?

I kind of expected 5270 to be used for directTLS / xmpps

The SRV records say it should be starttls, not directtls

So if that's what you're seeing, it sounds correct

Something funny is going on with that server - or at least with the s2s from our new network stack. On my side, upon connecting to it, it appears that it does send an open stream, but no features. I'm tempted to say that this is our new implementation hitting some kind of edge case - but can someone using any other server than Openfire try to set up s2s with icebound.dev - see if that works?

Prosody doesn't like it: "Server-to-server connection failed: Error during negotiation of encrypted connection: closed"

ah! So maybe it's not me.

https://connect.xmpp.net/ seem to be happy enough with xmpp_server - but maybe that doesn't do much more than a connectivity check?

It doesn't do much more than that, indeed

MattJ, Guus: Sorry, anything I should report to them?

emus: no, thanks. I can use this to debug the error flow in my local server.

ok

thought was regarding jabber.de

Nope

Guus, icebound.dev seems to be happy with elliptic curve crypto

As in ECDHE-ECDSA-AES256-GCM-SHA384 in both directions, which needs an EC private key/cert

Smells like somebody read a tutorial on how to harden your cipher list

The 404 school of "security" hosting?

hm in some cases bad ciphers are better than no ciphers

if the complexity of a break is no better than bruteforce

Well it's true that the most secure server is one no one can connect to

It's just that's not so useful to chat with