XSF Discussion - 2021-05-02

  1. sidereal0

    For testing XMPP server/client capabilities and security there's xmpp.net and compliance.conversations.im/server are there other websites for checking XMPP capabilities, compatibilities and securities?

  2. moparisthebest

    sidereal0: https://badxmpp.eu/

  3. sidereal0

    thank you!

  4. L29Ah

    ‰ hsendxmpp -v -u l29ah -j tls1.badxmpp.eu 'l29ah@bitcheese.net' <<< test Opening stream... Performing SRV lookup... No SRV result returned. No SRV records, using fallback process. Connecting to Successfully connected to Acquired handle. Setting NoBuffering mode on handle. Starting stream... Out: <stream:stream version="1.0" to="tls1.badxmpp.eu" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"> in: <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='73fee99a-e72e-4d11-a69b-28ae0390ac0f' version='1.0' from='tls1.badxmpp.eu' xml:lang='en'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This server does not serve tls1.badxmpp.eu</text></stream:error></stream:stream>

  5. L29Ah

    i wonder if that's expected behavior

  6. L29Ah

    also fail-tls.badxmpp.eu lacks a SRV record

  7. sidereal0

    that site looks difficult to use

  8. Zash

    It was made by a server developer for testing servers firstly.

  9. Zash

    L29Ah, as it says on the page, there's no c2s tests yet, so that doesn't work

  10. L29Ah

    ah thanks

  11. sidereal0

    I get a headache looking at it. It seems useful for those running their own server to check that their configuration or setup works well.

  12. Zash

    It's not really for testing your own server, it's for testing implementations

  13. sidereal0

    server software, like prosody?

  14. Zash

    yes. or any client, once that's set up

  15. Zash

    Like https://badssl.com/

  16. sidereal0

    It linked there

  17. sidereal0

    Oh I see now. I didn't catch on the first time I saw the link that that one was obviously for SSL, which the XMPP one is based off of

  18. Zash

    Yeah. Having something intentionally broken is useful to see how your own software reacts.

  19. sidereal0

    Like a calibration point

  20. sidereal0

    A control.

  21. Zash

    Better than waiting for your friends servers' cert to expire to see what the errors look like etc.

  22. sidereal0

    It makes sense. It's really for those running servers

  23. emus

    My toot for XMPP Office hours: https://fosstodon.org/web/statuses/106167554706690845 If there are any volunteers with Twitter access and to put that into a tweet that would be great! ❤️