ejabberd fails incoming connections with "Failed to secure c2s connection: TLS failed: client renegotiations forbidden"
Bug #1840902 reported by
Robie Basak
This bug report is a duplicate of:
Bug #1832933: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ejabberd (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bionic |
New
|
Critical
|
Unassigned | ||
openssl (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Invalid
|
Critical
|
Unassigned |
Bug Description
ejabberd 18.01-2 on Bionic.
Bad: openssl/libssl1.1 1.1.1-1ubuntu2.
Good: openssl/libssl1.1 1.1.0g-2ubuntu4.3
This hit the Bionic security pocket yesterday, so everyone who uses unattended-upgrades for security only (which is the default) will have received this overnight.
Workaround: downgrade openssl/libssl1.1 to 1.1.0g-2ubuntu4.3 using old builds that are available from https:/
The error logged by ejabberd is:
2019-08-21 06:52:28.402 [warning] <0.539.
Changed in ejabberd (Ubuntu Bionic): | |
importance: | Undecided → Critical |
Changed in openssl (Ubuntu Bionic): | |
importance: | Undecided → Critical |
To post a comment you must log in.
I'm pretty sure this is a duplicate and was fixed before. Let me try to find the actual relevant package.
Possibly it may need a rebuild / publish in the security pocket, if it was only published in updates.