XMPP Service Operators - 2024-02-29


  1. Was up

    Wyd

  2. Was up

    Hi

  3. Licaon_Kter

    Was up: yo

  4. Was up

    Link up

  5. sch

    emus, I have made a bookmarks manager bot. It is working, but there are some features to tune for ad-hoc.

  6. sch

    A series of updates is expected. Do you want to add it to the newsletter?

  7. Licaon_Kter

    sch: yeah, spam all the channels but not the right one, xmpp:commteam@muc.xmpp.org?join

  8. sch

    Licaon_Kter, I apologies. I was looking for emus. I guess I should contact him by his JID.

  9. jonas’

    you should indeed.

  10. lavrentiy

    Is it safe to disable tls1.2?

  11. Licaon_Kter

    lavrentiy: depends on your users clients, are those up to date?

  12. lavrentiy

    Does eg. The library used by conversations allow 1.3 to work on pre android 10?

  13. MattJ

    lavrentiy, 'prosodyctl shell c2s show' will list what TLS version your currently connected clients are using

  14. lavrentiy

    MattJ: oh neat! Ty

  15. MattJ

    If you think all your clients are/will be TLS 1.3 you can set tls_profile = "modern" and Prosody will automatically limit to TLS 1.3 and the recommended ciphers at https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

  16. lavrentiy

    > Closing inbound s2s connection lu.net.eu.org: TLS failed: SSL_do_handshake failed: error:0A0000C1:SSL routines::no shared cipher seems not just clients are concern :(

  17. MattJ

    Ah yes

  18. lavrentiy

    > [info] Closing inbound s2s connection xabber.org: TLS failed: SSL_do_handshake failed: error:0A0000C1:SSL routines::no shared cipher > [info] Closing inbound s2s connection anonym.im: TLS failed: SSL_do_handshake failed: error:0A0000C1:SSL routines::no shared cipher seems lots of servers don't support tls1.3

  19. lavrentiy

    why is this?

  20. MSavoritias (fae,ve)

    software and systems out there are more outdated than we want to believe

  21. MSavoritias (fae,ve)

    one of the reasons stuff evolves slow. you dont want to know the age of some servers doing important things :P

  22. snikket dot deeeeee

    You can set it to modern and also set s2s_ssl = { protocol = "tlsv1_2+"; ciphers="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"; } So that s2s can stay on TLS1.2

  23. kapad

    is not the right place, but i think some people here can transmit my message to where it should... reading https://xmpp.org/extensions/xep-0092.html, at section `4. Determining Support` -> `Example 3` , the iq query miss the `type` attribute, so that leads to an error like, ``` <error type="modify"> <bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> <text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">Missing attribute 'type' in tag &lt;iq/&gt; qualified by namespace 'jabber:client'</text> </error> ```

  24. Licaon_Kter

    kapad: find jdev channel or mailing list?

  25. kapad

    jdev, yes

  26. kapad

    think i posted there, no good at mailing lists... ?

  27. kapad

    u think to posted there, no good at mailing lists... ?

  28. kapad admins there, is also admins here...

  29. kapad Licaon_Kter: ok, i post it there, the topic shows that is... the right place. !

  30. Licaon_Kter

    kapad: good luck :)

  31. kapad

    ...,..., but i think i'm done.