ejabberd fails incoming connections with "Failed to secure c2s connection: TLS failed: client renegotiations forbidden"
Bug #1840902 reported by
Robie Basak
This bug report is a duplicate of:
Bug #1832933: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ejabberd (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| Bionic |
New
|
Critical
|
Unassigned | ||
| openssl (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Bionic |
Invalid
|
Critical
|
Unassigned | ||
Bug Description
ejabberd 18.01-2 on Bionic.
Bad: openssl/libssl1.1 1.1.1-1ubuntu2.
Good: openssl/libssl1.1 1.1.0g-2ubuntu4.3
This hit the Bionic security pocket yesterday, so everyone who uses unattended-upgrades for security only (which is the default) will have received this overnight.
Workaround: downgrade openssl/libssl1.1 to 1.1.0g-2ubuntu4.3 using old builds that are available from https:/
The error logged by ejabberd is:
2019-08-21 06:52:28.402 [warning] <0.539.
| Changed in ejabberd (Ubuntu Bionic): | |
| importance: | Undecided → Critical |
| Changed in openssl (Ubuntu Bionic): | |
| importance: | Undecided → Critical |
Revision history for this message
| Dimitri John Ledkov (xnox) wrote | #1 |
| Changed in openssl (Ubuntu): | |
| status: | New → Invalid |
| Changed in openssl (Ubuntu Bionic): | |
| status: | New → Invalid |
Revision history for this message
| Dimitri John Ledkov (xnox) wrote | #2 |
Revision history for this message
| Robie Basak (racb) wrote | #3 |
To post a comment you must log in.
I'm pretty sure this is a duplicate and was fixed before. Let me try to find the actual relevant package.
Possibly it may need a rebuild / publish in the security pocket, if it was only published in updates.